Skill v1.0.1
ClawScan security
Telegram Todo List · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 12, 2026, 9:17 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill purports to be a 'Telegram' todo-bot, but its code only manipulates a local TODO.md and lacks any Telegram integration; several implementations are buggy or inconsistent with the SKILL.md.
- Guidance: This skill is internally inconsistent rather than obviously malicious: it claims to be a Telegram bot but contains only a local TODO.md manager and several buggy implementations (task numbering, delete, and timestamp handling). Before installing or enabling it for autonomous use, consider: 1) Do you need actual Telegram integration? If so, request or add secure Telegram API code and credentials handling. 2) Back up any existing /root/.openclaw/workspace/TODO.md; the skill will create/overwrite that file. 3) Review and test the script in a sandboxed environment (non-production workspace) to confirm behavior and fix bugs (marking complete, deleting, numbering, timestamps). 4) Ask the author to clarify the purpose and provide a README, or remove 'Telegram' from the name if it is only a helper library. Because of these mismatches and implementation issues, treat this skill cautiously and do not enable it with sensitive data or broad autonomous access until corrected.
Review Dimensions
- Purpose & Capability (concern): Name and SKILL.md describe a Telegram bot with /todo commands, but the included Python script has no network/Telegram API code, no webhook/long-polling, and requests no Telegram credentials. The script only reads/writes a local TODO.md in the agent workspace, so the 'Telegram' aspect is missing or misleading.
- Instruction Scope (concern): SKILL.md instructs the agent to support query/organize/execute semantics (including timestamp updates, moving tasks between sections, and accurate numbering). The implementation reads/writes TODO.md and formats output, but many behaviors described are not implemented or are implemented incorrectly (e.g., timestamp updates on completion are not added, task-number → line mapping logic is flawed, delete_task logic is incorrect). Instructions do not direct reading of unrelated files or external endpoints, but they claim capabilities the code does not provide.
- Install Mechanism (ok): No install spec; instruction-only plus a single script. Nothing is downloaded or written by an installer. This is the lowest install risk.
- Credentials (note): No environment variables or credentials are requested (appropriate for a local file-based todo manager). The script uses a hardcoded workspace path (/root/.openclaw/workspace/TODO.md) which matches SKILL.md; this grants access only to the agent workspace but should be noted (it will create/overwrite that file).
- Persistence & Privilege (ok): The skill is not marked always:true and does not request elevated privileges or modify other skills. It writes a TODO.md template into the workspace on missing-file errors, which is expected for this purpose.
