Skill v1.0.11

VirusTotal security

Telegram Footer Patch · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 5:20 AM
Hash: 3715d0e56d2d26f439715bf6ac2dc610fb5ef901a8aa8efd360764fcc13d7fee
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: telegram-footer-patch
Version: 1.0.11

The skill patches OpenClaw's production JavaScript bundles (e.g., in `/usr/lib/node_modules/openclaw/dist`) to inject a Telegram footer, which is a high-risk operation. The injected code in `scripts/patch_reply_footer.py` uses dynamic Node.js imports (`node:fs/promises`) to read sensitive session metadata directly from the filesystem (`~/.openclaw/agents/main/sessions/sessions.json`). While the skill includes safety features like dry-runs, backups, and syntax verification, the capability to modify core application logic and access session databases represents a significant security risk, even if aligned with the stated purpose.