Telegram Footer Patch

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill openly patches OpenClaw’s Telegram reply code to add a footer; it is sensitive because it changes installed runtime files, but the behavior is disclosed, user-directed, and includes dry-run, backup, validation, and rollback guidance.

This looks like a transparent, purpose-built patching skill rather than malicious code. Still, it changes OpenClaw’s installed runtime files, so inspect the scripts, run dry-run first, back up the system or use staging, verify the exact files touched, restart only when ready, and confirm the revert script works.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Running the patch can change how OpenClaw sends Telegram replies and could break delivery if the wrong bundle is patched.

Why it was flagged

The skill intentionally modifies OpenClaw's installed runtime bundle files. This is disclosed and purpose-aligned, but it is a high-impact local change that can affect gateway behavior.

Skill content
it **writes into your OpenClaw installation directory**
Recommendation

Run the dry-run first, use a staging/container environment if possible, confirm backups are created, and test rollback before relying on it in production.

ASI05: Unexpected Code Execution
Low
What this means

A user who runs the smoke test will apply the patch to local OpenClaw bundles, not merely perform a passive check.

Why it was flagged

The smoke-test workflow does not only inspect files; it runs the patch script and changes candidate OpenClaw bundle files. SKILL.md also discloses this apply step.

Skill content
python3 "$PATCH_SCRIPT" --dist "$DIST" --auto-discover
Recommendation

Treat the smoke test as a patch-and-verify workflow. Run it only after reviewing the target dist path and being ready to revert.

ASI06: Memory and Context Poisoning
Medium
What this means

Telegram private-chat replies may expose session metadata such as model provider, model name, thinking level, and token/context usage to the chat recipient.

Why it was flagged

The injected delivery helper reads OpenClaw's local session store to retrieve model, thinking level, and token/context values for the footer.

Skill content
await fs.readFile(`${homeDir}/.openclaw/agents/main/sessions/sessions.json`, "utf8")
Recommendation

Install only if you are comfortable showing that metadata in Telegram private chats, and avoid using it where session metadata is considered sensitive.