Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Hook Development
v1.0.2
Create, debug, and maintain OpenClaw Gateway internal hooks for agent events like bootstrap, including virtual file injection and Telegram notification fixes.
by @cbd2020
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (developing and debugging OpenClaw internal hooks) aligns with the instructions and included code: reading workspace files, injecting virtual bootstrap files, and calling the Telegram API are coherent capabilities for this purpose. No unrelated services or credentials are requested.
Instruction Scope
SKILL.md instructs the agent to read ~/.openclaw/openclaw.json, workspace files (e.g., ~/.openclaw/workspace/memory), and call api.telegram.org — all consistent with a notification/debugging hook. It does read/semi-parse a local config file to extract bot tokens (which are secrets), so users should expect the hook to access those local files. There are no instructions to exfiltrate data to unexpected endpoints.
Install Mechanism
This is instruction-only (no install spec). The skill ships two example JS scripts but does not download or install remote code during install — lower installation risk.
Credentials
The skill does not declare required env vars, but its code reads the user's OpenClaw config file to extract botToken and may use TELEGRAM_CHAT_ID / OPENCLAW_CONFIG if set. Reading the OpenClaw config (which can contain tokens) is proportionate to sending Telegram notifications, but users should be aware that the hook will access local config files containing secrets.
Persistence & Privilege
The skill does not request permanent/always-on privileges and is user-invocable. It documents placing hooks under ~/.openclaw/hooks and modifying ~/.openclaw/openclaw.json — actions expected for hook deployment; nothing in the package attempts to modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it says: inject virtual files and send Telegram notifications by reading your OpenClaw config and workspace. Before installing or enabling it: (1) Inspect ~/.openclaw/openclaw.json to see what tokens would be accessible — the example extracts botToken via regex from that file. (2) Replace placeholder chat IDs in the example or set TELEGRAM_CHAT_ID appropriately. (3) Be aware the hook will read workspace files (e.g., memory/*.md) and can send their info in messages. (4) The provided example code has bugs/typos (missing require('os') in one example, and several stray assignments like "ult = handler" and repeated "ts.default = handler") that may throw runtime exceptions or crash the hook when loaded; fix these errors before using in production. (5) If you want to test, run the included scripts in a safe environment (offline or with a throwaway bot token) and review logs (tail ~/.openclaw/logs/gateway.err.log). If you are not comfortable with code that reads local config files containing tokens, do not enable this hook.
Like a lobster shell, security has layers — review code before you run it.
