Telegram Footer Patch
Security checks across malware telemetry and agentic risk
Overview
The skill mostly does what it says, but it persistently patches OpenClaw’s live Telegram delivery code and adds under-disclosed runtime access to local session records.
Review before installing. Use this only on an OpenClaw instance you control, run the dry-run first, verify exactly which dist files will be changed, and test rollback. Be aware that the applied patch reads local OpenClaw session records at send time and exposes provider/model/thinking/context details in Telegram private-chat replies.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
67/67 vendors flagged this skill as clean.