Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Spaces Group Assistant
v0.1.2
Provides expanded access to internal data, analytics, and logs in a trusted Telegram group, with restricted access to the calendar.
⭐ 0· 950·4 current·4 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description claim expanded access to internal KB, MEMORY.md, logs and analytics for a trusted Telegram group, and the code+docs implement a gate that enables that behavior for chat_id -4842304105. However, the skill itself does not declare any permissions or credentials and simply returns control to the core assistant to perform the actual data access — meaning it functions as an access gate rather than a data consumer. That design is coherent with the stated purpose but increases risk because it implicitly allows the main assistant to expose local workspace data to the group.
Instruction Scope
SKILL.md explicitly instructs the agent to provide summaries from local files (e.g., spaces-KB.md, MEMORY.md), logs, and to run exec/server-side hooks when requests come from the trusted group. Those instructions encourage reading and returning potentially sensitive local data and executing server-side actions. The JS code does not implement content filtering — it purposefully returns null for the trusted group which lets the core assistant handle returning workspace/log/exec results. This scope includes sensitive read/execute actions that go beyond a simple chat responder and are not narrowed by user identity.
Install Mechanism
No install spec or external downloads; the skill is instruction-only with a small JS gatekeeper file. Nothing is written to disk by an installer and no external URLs or packages are pulled during installation.
Credentials
The skill requires no environment variables or credentials, but its described functionality (accessing workspace files, memory, logs, and running exec hooks) entails access to highly sensitive local data and possibly secrets. Requesting no explicit credentials is not inherently wrong, but the lack of declared limits combined with the promised ability to surface logs and run server-side hooks is disproportionate and could expose credentials or secrets present in the workspace.
Persistence & Privilege
always:false (good), but the skill intentionally relaxes per-user authorization inside the designated group (the code comments 'No filter by user, we respond to everyone'). That means any member of the trusted group can trigger full-access behavior. Because model invocation is allowed (default), the skill can be invoked autonomously and thus increases the blast radius if the group membership is not tightly controlled. The skill does not modify other skills' configs, but it effectively elevates privileges for group members.
What to consider before installing
This skill is designed to let any member of a specific Telegram group see internal workspace files, logs, and run server-side hooks. Only install it if the group membership is strictly controlled and you understand that the skill intentionally bypasses per-user checks. Before installing: (1) confirm there are no secrets in workspace files, logs, or MEMORY.md; (2) prefer a version that enforces an allowlist of specific user IDs (not 'any participant'); (3) require admin approval for expanding FULL_POWER_GROUPS; (4) test in a sandboxed environment; and (5) consider additional auditing/alerting for data access from the assistant. If you lack a security review process, treat this as high-risk and avoid enabling it.
Like a lobster shell, security has layers — review code before you run it.
latestvk97ckcnhwtw4fsqxwaayzs6je181bkb8
