Back to skill
Skillv1.0.0
ClawScan security
Telegram Routing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 10, 2026, 8:37 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's described purpose (managing Telegram->Claude routing) matches its instructions, but it asks the agent to read/write a persistent OpenClaw config and restart the gateway while claiming no required config paths or credentials and has no source/homepage — this mismatch and the vagueness around restart/credentials are concerning.
- Guidance
- This skill appears to do what it says (edit routing config and switch backends), but be cautious: it comes from an unknown source and the metadata omits the config paths the instructions require. Before installing or allowing autonomous use, verify the skill's origin, back up ~/.openclaw/openclaw.json, and test actions manually: try making the config change yourself and restarting the gateway via known commands so you control what actually runs. Ask the author to (1) declare required config paths, (2) explain how service restart is performed, and (3) document where API credentials must be stored if switching to API providers. If you don't trust it, decline installation or restrict the skill from making persistent changes/autonomous invocations.
Review Dimensions
- Purpose & Capability
- concernThe skill claims to manage routing via OpenClaw config, which legitimately requires reading and writing ~/.openclaw/openclaw.json and reading gateway logs. However, the registry metadata lists no required config paths or credentials even though the SKILL.md explicitly instructs access and modification of ~/.openclaw/openclaw.json and gateway logs; that mismatch is incoherent and should be justified.
- Instruction Scope
- concernRuntime instructions tell the agent to read and update ~/.openclaw/openclaw.json, restart the OpenClaw gateway service, and inspect gateway logs. Those actions are within the skill's domain but are high-impact (persistent config change + service restart). The SKILL.md is vague about how to perform the restart and about where credentials for API backends would come from, giving the agent broad discretion.
- Install Mechanism
- okThis is an instruction-only skill with no install spec or code files, so nothing is written to disk by an installer. That lowers installation risk.
- Credentials
- noteThe skill declares no environment variables or primary credentials, which is consistent with an editor for local config. However, the model shorthand can resolve to API providers (e.g., 'anthropic/claude-haiku-4-5') that normally require API keys; the skill does not declare or explain where such credentials are stored or how they should be supplied. That omission is notable.
- Persistence & Privilege
- noteThe skill modifies a persistent user config file and instructs a service restart; even though it is not 'always: true', these persistent changes can affect runtime behavior across agent runs. Because the skill can be invoked autonomously by default, its ability to change configuration increases the potential impact and deserves caution.