Skill v1.0.7

ClawScan security

TMS (Telegram Media Server) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 30, 2026, 11:35 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This is an instruction-only skill that consistently documents and directs the agent to call a Telegram Media Server (TMS) REST API; its requirements and instructions align with the described purpose and it does not request unrelated credentials or install code.
Guidance
This skill is coherent and appears to only instruct the agent to talk to a TMS API. Before installing: (1) ensure the TMS instance you point to (TMS_API_URL) is one you control and trust; (2) when the agent is not colocated with TMS, set a dedicated TMS_API_KEY and store it per-skill (do not reuse broad keys); (3) be aware the default BaseURL uses localhost — the agent will be able to reach local services when enabled, so restrict the skill or disable autonomous invocation if you don't want the agent to start/stop downloads without explicit prompts; (4) if you accept torrent files via uploads, be careful what files are placed in the agent workspace (the skill supports sending torrent_base64 derived from workspace files); (5) secure any webhook endpoints and rotate keys if exposed. If you want extra caution, disable model autonomous invocation for this skill or require explicit user confirmation before performing add/delete operations.

Review Dimensions

Purpose & Capability
ok: The name/description match the runtime instructions: the skill is an API client for TMS and contains an inline OpenAPI spec. It does not ask for unrelated binaries, secrets, or system paths. Declared primaryEnv (TMS_API_URL) and optional TMS_API_KEY are coherent with the stated purpose.
Instruction Scope
note: Instructions are focused on making HTTP calls to the TMS API (health, list, add, delete, search). Two points to note: (1) defaulting BaseURL to http://127.0.0.1:8080 means the agent will target localhost by default, which is expected for same-host integrations but also enables access to local services; (2) the doc says torrent_base64 can be sent when the agent has the .torrent file content (e.g. user upload or read from workspace), which implies the agent may read workspace-uploaded files; this is within scope but worth awareness.
Install Mechanism
ok: Instruction-only skill with no install spec and no code to write or execute. Lowest-risk install posture (nothing is downloaded or written to disk by the skill itself).
Credentials
ok: No required environment variables are listed; TMS_API_URL is the declared primaryEnv and TMS_API_KEY is optional in the docs. The requested envs are minimal and appropriate for an HTTP client to TMS; nothing unrelated is requested.
Persistence & Privilege
ok: always:false and no special persistence is requested. The skill is allowed to be invoked autonomously by default (platform default); this is normal for skills and not in itself a concern.