emoji and tg stickers use proactively based on mood

Verdict: Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: tg-sticker-emoji-mood
Version: 3.0.0

The skill bundle is classified as suspicious due to a critical shell injection vulnerability (specifically, Python code injection) found in `scripts/send_sticker.sh`. The `emoji` parameter, when passed to the `send_sticker_by_emoji` function, is directly embedded into a `python3 -c` command string without proper sanitization. This allows an attacker to break out of the Python string literal using a single quote and execute arbitrary Python code, leading to potential Remote Code Execution (RCE) on the host system. While the `SKILL.md` instructions are benign and align with the stated purpose, they direct the AI agent to use this vulnerable script.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The bot could send stickers into private or group chats more often than the user expects, creating spam, awkward posts, or inappropriate public-facing reactions.

Why it was flagged

The skill explicitly encourages frequent autonomous posting into Telegram chats without per-message approval or clear chat/rate scoping.

Skill content
You have the ability to send Telegram stickers and emojis **on your own** ... do NOT need the user to ask ... Send a sticker **before** your text reply — roughly **80–100% of the time**
Recommendation

Add explicit opt-in per chat, rate limits/cooldowns, and confirmation or stricter rules for group, channel, formal, or business-critical conversations.

Concern: Medium Confidence
ASI05: Unexpected Code Execution
What this means

If an attacker can influence the emoji argument through the conversation or prompt injection, the helper may run arbitrary code in the agent's local environment.

Why it was flagged

The shell argument is embedded directly into a `python3 -c` program string. A crafted emoji value containing quotes or Python syntax could execute unintended Python code if the agent passes it through unmodified.

Skill content
`--emoji) EMOJI="$2"; shift 2 ;;` ... `emoji = '${emoji}'`
Recommendation

Do not interpolate arguments into code strings. Pass the emoji via stdin, environment, or JSON, validate it as an expected emoji value, or safely quote it with a proper serialization method.

What this means

Anyone with the bot token could control the bot’s API actions, including sending messages or stickers where the bot has access.

Why it was flagged

The Telegram bot token is used to call the Telegram Bot API and send stickers, which is expected for the stated purpose but still grants account/bot authority.

Skill content
Requires: `TELEGRAM_BOT_TOKEN` environment variable ... `API="https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}"` ... `/sendSticker`
Recommendation

Use a dedicated bot token, keep it only in a secure environment variable, restrict the bot’s chat permissions where possible, and rotate the token if it may have been exposed.

What this means

Version or provenance inconsistencies can make it harder to verify exactly which package was reviewed or installed.

Why it was flagged

The registry metadata lists version 3.0.0, while the packaged `_meta.json` lists 2.0.0; combined with unknown source/homepage metadata, this is a minor provenance and reviewability gap.

Skill content
`"version": "2.0.0"`
Recommendation

Publish consistent package metadata and provide a source/homepage link or other provenance information; users should review the included files before enabling the skill.