Skill v1.0.1
ClawScan security
Telegram Alerts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious · Feb 21, 2026, 7:10 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions say it needs TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID, but the registry metadata claims no required environment variables — this mismatch is concerning even though the skill's behavior (sending Telegram alerts) itself is plausible.
- Guidance: This skill appears to do what it says (send Telegram trading alerts) and legitimately needs a TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID, but the registry metadata does not list those environment variables — that discrepancy is the main red flag. Before using:
  1. Ask the publisher to update the manifest to declare required env vars explicitly so reviewers and automated checks see them.
  2. Use a dedicated Telegram bot token (do not reuse other tokens), and only give it the minimum permissions; consider creating a bot account just for alerts.
  3. Store the token in a secure secret manager rather than a plaintext .env if possible.
  4. Be aware the agent can send messages autonomously (disable-model-invocation is false); ensure you trust the agent's triggers and the content it may send.
  5. If you need stronger assurance, request that the author provide explicit runtime commands or a minimal code sample so reviewers can confirm no other data is accessed or transmitted.
Review Dimensions
- Purpose & Capability (concern): Name and description claim Telegram trading alerts, which justifies needing a Telegram bot token and chat id. However, the registry metadata declares no required environment variables or primary credential while SKILL.md explicitly says TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID are required — the manifest and runtime instructions are inconsistent.
- Instruction Scope (note): SKILL.md is instruction-only and only describes sending formatted alerts to Telegram and requiring two .env values. It does not instruct reading unrelated files or contacting other external endpoints, but the instructions are terse and vague (no explicit runtime commands) and rely on an out-of-band .env file for secrets.
- Install Mechanism (ok): No install spec and no code files — lowest-risk delivery model. Nothing will be downloaded or written by an installer according to the registry.
- Credentials (concern): The environment variables referenced in SKILL.md (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID) are proportionate to sending Telegram messages. The concern is that the registry metadata does not declare these required credentials, so an automated permission review or a user expecting a manifest-driven check could miss that secrets are needed or used.
- Persistence & Privilege (ok): always:false and no install behavior — the skill does not request permanent/system-level presence. disable-model-invocation is false (the agent may call it autonomously), which is normal for skills; combine this with the metadata mismatch when deciding risk tolerance.
