Skill v1.0.0
ClawScan security
OpenClaw Add Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 12:22 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The instructions generally match the stated purpose (adding a Telegram agent) but contain hard-coded paths and a missing dependency declaration (the 'openclaw' restart command), so it’s coherent but has small inconsistencies you should verify before trusting it with secrets.
- Guidance
- This skill appears to be what it says (adding a Telegram bot to OpenClaw) but check a few things before proceeding:
  1) Ensure the config path (/home/xgao/.openclaw/openclaw.json) and workspace path match your system — the SKILL.md uses a hard-coded user home.
  2) Back up openclaw.json before editing.
  3) Treat the Telegram bot token as a secret: avoid pasting it into public chat logs or shared repos; prefer storing it with proper file permissions or a secrets manager if supported.
  4) Confirm you have an 'openclaw' command available (or the correct service management step) — the instructions call for `openclaw restart` but the skill metadata doesn't declare that binary.
  5) After adding the account, verify allowFrom user IDs and policies are correct to avoid accidental exposure.
  If these checks pass, the instructions are reasonable; if you need the skill to run commands automatically (instead of manual edits), request a version that declares required binaries and install steps.
Review Dimensions
- Purpose & Capability
- note: The skill's name and description match the runtime instructions: it collects a Telegram bot token and updates OpenClaw configuration (agents, bindings, telegram account). However, the SKILL.md uses hard-coded paths under /home/xgao (e.g., /home/xgao/.openclaw/openclaw.json and /home/xgao/clawd-workspace/) which may not match the installer's environment. Also it tells the user to run 'openclaw restart' but the skill metadata does not declare that binary as required.
- Instruction Scope
- note: Instructions are explicit about editing a local config file, creating a workspace directory, and restarting OpenClaw. They require sensitive input (Telegram bot token, allowed user IDs) but do not instruct transmitting those secrets to any external endpoint. The scope is limited to local config changes, but the hard-coded user paths and lack of guidance about backing up or locking the config are notable.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec and no code to write to disk, which is the lowest-risk install mechanism.
- Credentials
- note: No environment variables or other credentials are requested in metadata. The skill does ask the user to provide a Telegram bot token (sensitive) and user IDs — reasonable for a Telegram binding — but the instructions do not describe secure handling or storage of that token (it will be placed in a JSON file).
- Persistence & Privilege
- ok: The skill is not always-enabled and does not request elevated persistent privileges. Its actions are limited to editing the user's OpenClaw config and workspace directories, which is expected for this purpose.
