Skill v0.2.0
ClawScan security
Clawpet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 11:31 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to be a legitimate Telegram mini‑app virtual pet, but there are multiple inconsistencies and some missing security checks (notably Telegram initData HMAC validation TODO and mismatched bot names), so review before installing and exposing a tunnel.
- Guidance: This skill looks like a normal Telegram Mini App game, but there are a few red flags to check before installing:
  - Inconsistent bot names: different files point to OpenClawTamagotchi_bot, Bombaligrim_bot and other t.me links. Decide which bot you intend to register and update all references accordingly.
  - initData HMAC is not validated: server.py and the docs explicitly mark Telegram initData validation as TODO. Without validating initData (using your BOT_TOKEN) the app may accept forged requests — add HMAC verification before exposing the service publicly.
  - install.sh will symlink into ~/.openclaw and ~/.hermes and will move existing directories to *.bak if they exist. Back up any existing skills or data before running it.
  - The instructions require running cloudflared to expose a tunnel. Exposing a local server to the public increases risk — only publish after fixing HMAC validation and verifying the bot URL.

  If you plan to use it:
  1. Choose and register the correct bot in BotFather.
  2. Set BOT_USERNAME/APP_SHORT_NAME/PET_PORT as needed.
  3. Implement/enable Telegram initData HMAC validation with your BOT_TOKEN.
  4. Back up any existing skill directories before running install.sh.
Review Dimensions
- Purpose & Capability
  - note: Name/description (Tamagotchi-style Telegram Mini App) matches the code and runtime instructions: web frontend, Python server, card generation, and social links. Requiring python3 is proportionate. However, several files reference different bot usernames (OpenClawTamagotchi_bot vs Bombaligrim_bot vs t.me links in SKILL.md/README/install comments), which is an incoherence that could cause accidental misconfiguration or expose the wrong bot URL.
- Instruction Scope
  - concern: SKILL.md instructs running python3 server.py and cloudflared to expose the app — that's expected. But the runtime notes explicitly say Telegram initData HMAC validation is TODO (no BOT_TOKEN usage), meaning the Mini App does not validate Telegram-supplied initData yet; this weakens authenticity/authorization of incoming requests. install.sh will symlink into agent skill directories and will move/backup existing target directories if present, which can overwrite or relocate existing user data without strong warnings.
- Install Mechanism
  - ok: There is no packaged installer in the registry entry; installation is instruction-only plus an included install.sh that creates symlinks into ~/.openclaw and ~/.hermes. No remote downloads or obscure URLs are used by the install script. The only network-facing action the docs instruct is to run a cloudflared tunnel (user-run).
- Credentials
  - note: Manifest declares no required env vars and only python3 as a binary, which is reasonable. The code, however, reads optional env vars (BOT_USERNAME, APP_SHORT_NAME in inline-button.js; PET_PORT in server.py). Those are reasonable for configuration but are not declared in SKILL.md metadata. The SKILL.md/CLAUDE.md explicitly note that proper Telegram HMAC verification using BOT_TOKEN is TODO — the lack of BOT_TOKEN/validation at runtime is a security gap and should be addressed before exposing the server publicly.
- Persistence & Privilege
  - concern: always:false and agent-autonomy defaults are fine. The install script will create symlinks into agent skill directories and will rename existing directories to .bak if they are not symlinks — this modifies agent filesystem state and could replace existing skill content. That's expected for installing a skill, but users should be warned because it can silently move/backup existing data.
