Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Session Context Injector

v1.0.0

Reorient a Telegram chat after a session reset. Reads a project's STATUS.md (resume point, blockers, next action) and sends a project-specific context inject...

by Nissan Dookeran (@nissan)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with sending project context into Telegram. Required items declared (python3, TELEGRAM_BOT_TOKEN) are reasonable for that purpose. However, the SKILL.md expects other inputs (bot_token via op read, PROJECTS_DIR, memory files like sessions.json/telegram-groups.json) that are not declared in the registry metadata, which is an inconsistency.
Instruction Scope
Instructions tell the agent to read local project files (projects/<slug>/STATUS.md), agent memory files (sessions.json, memory/telegram-groups.json), and to retrieve credentials via `op read`. None of these file paths or the use of the 1Password CLI are declared in the skill metadata. The skill will also transmit project STATUS content to external endpoints (api.telegram.org) — expected for the purpose, but you should confirm that sending potentially sensitive project content to Telegram chats is acceptable and limited to intended chat IDs.
Install Mechanism
No install spec and no included code files — instruction-only skill. Low disk/installation risk because nothing is downloaded or written by the skill bundle itself.
Credentials
Metadata declares a single credential (TELEGRAM_BOT_TOKEN), which is appropriate, but the SKILL.md also documents fetching `bot_token` with `op read "op://OpenClaw/Telegram Bot Token/credential"` (1Password) and references PROJECTS_DIR and agent memory files. The additional secret-retrieval and filesystem access are not reflected in requires.env or required config paths, creating a mismatch and potential surprise access to secrets or local files.
Persistence & Privilege
always is false (good). The skill can be autonomously invoked by the agent (default), which combined with an available bot token means it could send messages without manual approval. Autonomous invocation alone is normal, but because the skill posts externally and reads local project state, you should be aware of this behavior.
What to consider before installing
Before installing or enabling:
1) Confirm how the skill obtains the bot token — metadata lists TELEGRAM_BOT_TOKEN but SKILL.md shows an `op read` (1Password) step; clarify which method will be used and update metadata.
2) Verify PROJECTS_DIR and the locations of sessions.json / memory/telegram-groups.json — these filesystem reads are not declared and may expose project content; ensure the agent runs in a workspace you trust.
3) Review the Telegram bot's scope and which chats the bot can message (the skill contains a hard-coded special-case chat_id for Nissan). Limit the bot token permissions and rotate it if you enable the skill.
4) Ask the publisher to remove or explain hard-coded IDs, and to declare any CLI tools (e.g., 1Password CLI) needed at runtime.
5) Test in dry-run mode or a sandboxed environment first to ensure messages, truncation, and HTML formatting behave as expected and that no unintended data is leaked.
If you cannot get answers to the above, treat the inconsistencies as a risk and do not grant the bot token or filesystem access.


Version: latest (vk9713q7970b0hxq8zbdp4j5gms844pe5)


Runtime requirements

Runtime: Clawdis
Bins: python3
Env: TELEGRAM_BOT_TOKEN
Primary env: TELEGRAM_BOT_TOKEN
