OpenClaw Hook Development
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A hook copied from these examples can run code whenever relevant agent events occur, not only at the moment the user edits it.
The skill explicitly teaches hooks that execute JavaScript/TypeScript during agent lifecycle events. This is central to the skill’s purpose, but users should understand that enabled hooks run automatically at bootstrap.
An Internal Hook is an event handler inside the OpenClaw Gateway that executes JavaScript/TypeScript code when agent lifecycle events (such as `agent:bootstrap`) fire.
Only enable hook files you have reviewed, keep event filters narrow, and remove or disable hook entries when they are no longer needed.
Hook-injected files may change the agent’s working context on future sessions.
The example injects a virtual file into the agent bootstrap context. This is disclosed and purpose-aligned, but injected context can influence what the agent sees and does.
event.context.bootstrapFiles.push({
  path: 'HOOK_REMINDER.md',
  content: reminderContent,
  virtual: true,
});
Keep injected content minimal, trusted, and clearly labeled; avoid injecting untrusted or user-supplied instructions into bootstrap files.
Anyone running or modifying the script could access the Telegram bot token from the local OpenClaw config.
The Telegram test script reads the local OpenClaw configuration to extract a bot token. This is expected for testing Telegram notifications, but the token is an account credential and is not declared in the registry metadata.
const configContent = fs.readFileSync(configPath, 'utf-8');
const tokenMatch = configContent.match(/\"botToken\":\s*\"([^\"]+)\"/);
Use a dedicated Telegram bot token with limited purpose, verify the chat ID before sending, and avoid sharing logs or modified scripts that could expose credentials.
