Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Telegram Post

v1.0.0

Sends text and multimedia messages to specified Telegram groups via the OpenClaw CLI using a given CHAT_ID.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
Name/description match the instructions (sending Telegram messages via OpenClaw CLI). However, the instructions embed a live-looking Telegram bot token in curl examples and reference specific local user paths (/home/larthe/...) and gateway details without declaring any required credentials or configuration. A well-formed Telegram skill would declare a bot token/credential and not hard-code another user's absolute paths.
! Instruction Scope
SKILL.md instructs running openclaw and curl commands, listing local media files, and hitting a local gateway (127.0.0.1:18789). It therefore instructs the agent to access local filesystem paths and network endpoints and to use a hard-coded bot token — actions that go beyond simple message formatting and can expose or misuse local files and credentials.
Install Mechanism
No install spec is present (instruction-only), so nothing is written to disk or downloaded by the skill itself. That lowers supply-chain risk, though runtime instructions still invoke local binaries and network calls.
! Credentials
The skill declares no required environment variables or primary credential, yet the SKILL.md contains a Telegram bot token in a curl example and references user-specific media directories. This mismatch (no declared credential but visible secret in instructions) is disproportionate and potentially exposes credentials or suggests the skill was copied from another user's environment.
Persistence & Privilege
always is false (good). Autonomous invocation is allowed (platform default). Combined with embedded credentials and local file references, autonomous runs could access local files and call external APIs — increasing blast radius. This is not inherently forbidden but worth considering before enabling autonomous invocation.
Scan Findings in Context
[unicode-control-chars] unexpected: The scanner detected Unicode control characters/prompt-injection patterns in SKILL.md. This is not expected for a straightforward Telegram-posting skill and may indicate deliberate or accidental injection payloads embedded in the text. Treat the SKILL.md content as potentially manipulated and inspect the raw file for hidden characters.
What to consider before installing
Do not install blindly. Review the SKILL.md raw text and remove or rotate any hard-coded secrets (the curl example contains a Telegram bot token). Verify that the OpenClaw CLI and the local gateway referenced are ones you control, and confirm the absolute file paths (/home/larthe/...) map to intended media directories. Prefer skills that declare their required credentials (e.g., BOT_TOKEN) and expect them via environment variables or a secrets manager rather than embedding tokens. If you already used the embedded token, assume it may be compromised: revoke/rotate it and audit the bot's admin privileges. Finally, if you will allow autonomous invocation, restrict the agent's permissions or run it in an isolated account/container to limit access to local files and network endpoints.

Like a lobster shell, security has layers — review code before you run it.
