Skill v1.0.1
ClawScan security
Telegram Context · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 14, 2026, 9:18 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's behavior (reading a small local state file and calling the platform's Telegram message tool for the current chat) matches its description; no unexplained credentials, installs, or broad system access are requested.
- Guidance: This skill appears to do exactly what it says: when enabled it will fetch recent messages from the current Telegram chat (via the platform's message tool), include those messages in the AI context, and store only a small local settings file (memory/telegram-context.json). Before enabling: (1) Confirm you trust the OpenClaw gateway's Telegram integration and that it enforces 'current chat only' permissions; misconfiguration there could broaden access. (2) Remember fetched messages are sent to your configured LLM provider and may appear in logs; avoid auto-fetch for very sensitive conversations or use manual fetch with a low fetchCount. (3) Check where memory/telegram-context.json is stored/backed up and who can read it. Test the skill in a non-sensitive chat first to confirm behavior matches expectations.
Review Dimensions
- Purpose & Capability (ok): The name/description say it will fetch recent Telegram messages for session continuity; the instructions only read/write a local memory file and call the built-in `message` tool limited to the current chat. These requirements are proportionate to that purpose.
- Instruction Scope (note): SKILL.md instructs the agent to read/write memory/telegram-context.json and to call the platform `message` tool with action: 'list' for the current Telegram chat. That stays within the stated scope. Two things to note: (1) message content is explicitly included in the agent context and sent to your configured LLM provider (this is a privacy exposure the skill discloses), and (2) the skill assumes the platform's `message` tool enforces the 'current chat only' restriction; if the gateway/tool is misconfigured, fetched scope could be wider than intended.
- Install Mechanism (ok): No install spec or external downloads; this is an instruction-only skill. No files are written by an installer, which minimizes supply-chain risk.
- Credentials (note): The skill declares no environment variables or credentials (which is consistent). It does rely on the OpenClaw gateway having Telegram channel permissions already configured; that external permission is necessary but not requested by the skill itself. Also, the registry metadata doesn't list the memory path it uses (memory/telegram-context.json), though using a skill-local memory file is expected.
- Persistence & Privilege (ok): The skill is not always-on and is user-invocable. It reads/writes its own state file but does not request system-wide config changes or elevated privileges. Autonomous invocation is allowed by default but is not an unusual privilege here.
