Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CommunityOS

v1.2.0

Deploy and manage CommunityOS - a Harness Engineering Telegram multi-bot collaboration platform. Use when: setting up a Telegram multi-bot community system,...

License: MIT-0 (free to use, modify, and redistribute; no attribution required)
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md implement a Telegram multi-bot system with governance and RAG — this matches the name/description. Requested LLM keys and Telegram bot tokens are appropriate for that purpose. However, registry metadata declares no required env vars while the SKILL.md metadata and many runtime files expect multiple bot token and LLM env vars, and several token names in code (PANDORA_TOKEN, CYPHER_TOKEN, BUZZ_TOKEN, QUANTKEY_TOKEN, TELEGRAM_BOT_TOKEN_PANDA, etc.) do not consistently match each other — raising a coherence / usability issue.
Instruction Scope
SKILL.md tells the agent to init a project, edit a local .env, install Python deps and run start scripts — all consistent with deploying the described system. The runtime code also reads local .env files, accesses local admin data (admin/data/*.json), fetches URL content for RAG, and can call external APIs for broadcast content; these operations are plausible but broaden the skill's runtime actions beyond simply replying on Telegram (network fetches, indexing local files, optional HTTP admin endpoints).
Install Mechanism
There is no install spec (instruction-only from the registry perspective), but the package contains many Python scripts and a requirements.txt with heavy dependencies (langchain, chromadb, fastapi, etc.). Installing these dependencies will pull substantial third-party packages; that is expected for a RAG/Telegram platform but increases attack surface and setup complexity.
Credentials
The skill requires Telegram tokens and LLM API keys in order to function — appropriate in principle. The concern is inconsistent declaration and usage of env var names between SKILL.md, code, and the registry (registry lists none; SKILL.md lists BOT_TOKEN/TELEGRAM_BOT_TOKEN_* and LLM keys; code reads PANDORA_TOKEN/CYPHER_TOKEN/BUZZ_TOKEN/QUANTKEY_TOKEN and also falls back to TELEGRAM_BOT_TOKEN_*). This mismatch can cause accidental token exposure or misconfiguration. The skill also auto-reads a local .env file (user-provided) and will make outbound HTTP requests (indexer.fetch, broadcasts), so sensitive tokens placed in .env may be used for networked actions — verify where values are sent.
Persistence & Privilege
always:false (no forced presence). The code spawns subprocesses, may start an admin FastAPI app (admin/app.py is present in the package and fastapi/uvicorn are in requirements), and writes/creates a project directory when you run the init/create scripts. There is no evidence it modifies other skills or system-wide agent settings, but the presence of an admin server and networked behavior increases runtime privileges compared to a purely client-side tool.
What to consider before installing
This package appears to be a full Telegram multi-bot framework and will need valid Telegram bot tokens and at least one LLM API key. Before installing or running it:
- Inspect and reconcile env var names: SKILL.md and the code use different variable names (e.g., TELEGRAM_BOT_TOKEN_PANDA vs PANDORA_TOKEN). Set the exact env vars the runtime expects to avoid misconfiguration.
- Review admin/app.py and any code that starts a FastAPI/uvicorn server: understand which endpoints it exposes, whether it accepts incoming connections, and whether it sends data out.
- Expect substantial dependency installation (langchain, chromadb, fastapi, etc.). Install and run it in an isolated environment (virtualenv or container) first.
- Audit code paths that fetch URLs or call external API endpoints (broadcast API endpoints, indexer fetch) to confirm they do not send secrets. Limit tokens to least privilege and store them separately if possible.
- Because the package reads a local .env, keep sensitive keys scoped and rotate them if you test with real credentials.
- If you need higher assurance, run the init and start scripts in a sandbox VM or container, monitor network traffic, and expose the admin server only on localhost or behind authentication.
Overall: functionally coherent for its purpose, but the env-name mismatches and unspecified admin/network behaviors warrant caution and manual review before use.
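A concrete way to carry out the env-name reconciliation and the .env check above before touching real tokens. This is an added example, not part of the scan report or of the CommunityOS package: it parses every .py file under a directory with the ast module, collects the env var names read through os.getenv, os.environ.get and os.environ[...], compares them with the names SKILL.md declares (the DECLARED set is copied from the Environment variables list on this page), and reports which names the code reads are absent from a .env file without ever reading the values out. The sample files and .env it writes to a temp directory are constructed to mimic the PANDORA_TOKEN vs TELEGRAM_BOT_TOKEN_PANDA mismatch the report describes; their contents are not the project's code.

```python
import ast
import pathlib
import tempfile

# Env var names this page's SKILL.md metadata declares (copied from the page).
DECLARED = {
    "BOT_TOKEN", "TELEGRAM_BOT_TOKEN_PANDA", "TELEGRAM_BOT_TOKEN_CYPHER",
    "TELEGRAM_BOT_TOKEN_BUZZ", "MINIMAX_API_KEY", "CLAUDE_API_KEY",
    "APIYI_KEY", "OPENAI_API_KEY",
}


def _is_environ(node):
    """True for `os.environ` or a bare `environ` imported from os."""
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os") \
        or (isinstance(node, ast.Name) and node.id == "environ")


def _str_const(node):
    """Return the string literal a node holds, or None for dynamic names."""
    return node.value if isinstance(node, ast.Constant) and isinstance(node.value, str) else None


class EnvReads(ast.NodeVisitor):
    """Collect names read via os.getenv(), os.environ.get() and os.environ[...]."""

    def __init__(self, path):
        self.path = path
        self.reads = {}  # name -> list of "file:line"

    def _record(self, name, node):
        if name:
            self.reads.setdefault(name, []).append(f"{self.path}:{node.lineno}")

    def visit_Call(self, node):
        f = node.func
        is_getenv = (isinstance(f, ast.Attribute) and f.attr == "getenv"
                     and isinstance(f.value, ast.Name) and f.value.id == "os") \
            or (isinstance(f, ast.Name) and f.id == "getenv")
        is_environ_get = isinstance(f, ast.Attribute) and f.attr == "get" and _is_environ(f.value)
        if (is_getenv or is_environ_get) and node.args:
            self._record(_str_const(node.args[0]), node)
        self.generic_visit(node)

    def visit_Subscript(self, node):
        if _is_environ(node.value):
            s = node.slice
            if type(s).__name__ == "Index":  # Python < 3.9 wraps the index node
                s = s.value
            self._record(_str_const(s), node)
        self.generic_visit(node)


def audit(root, declared=DECLARED):
    """Parse every .py file under root and compare env reads with the declared names."""
    root = pathlib.Path(root)
    reads = {}
    for py in sorted(root.rglob("*.py")):
        visitor = EnvReads(py.relative_to(root).as_posix())
        visitor.visit(ast.parse(py.read_text(encoding="utf-8"), filename=str(py)))
        for name, locs in visitor.reads.items():
            reads.setdefault(name, []).extend(locs)
    return {
        "read": reads,
        "undeclared": set(reads) - set(declared),  # code reads, docs never mention
        "unused": set(declared) - set(reads),      # docs mention, code never reads
    }


def missing_from_dotenv(dotenv_path, names):
    """Return the names in `names` that the .env file does not set; values are never inspected."""
    present = set()
    for line in pathlib.Path(dotenv_path).read_text(encoding="utf-8").splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key = line.split("=", 1)[0].strip()
            if key.startswith("export "):
                key = key[len("export "):].strip()
            present.add(key)
    return set(names) - present


# Constructed sample tree mimicking the naming mismatch in the report; not CommunityOS source.
SAMPLE_FILES = {
    "bots/pandora.py": 'import os\n'
                       'TOKEN = os.getenv("PANDORA_TOKEN") or os.getenv("TELEGRAM_BOT_TOKEN_PANDA")\n'
                       'LLM_KEY = os.environ.get("MINIMAX_API_KEY")\n',
    "bots/cypher.py": 'import os\nTOKEN = os.environ["CYPHER_TOKEN"]\n',
    "admin/app.py": 'from os import getenv\nADMIN_KEY = getenv("QUANTKEY_TOKEN")\n',
    ".env": '# constructed .env with placeholder values\n'
            'TELEGRAM_BOT_TOKEN_PANDA=placeholder\nMINIMAX_API_KEY=placeholder\n',
}


def build_sample_tree():
    root = pathlib.Path(tempfile.mkdtemp(prefix="skill-audit-"))
    for rel, text in SAMPLE_FILES.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text, encoding="utf-8")
    return root


def run_sample():
    root = build_sample_tree()
    report = audit(root)
    report["missing_in_dotenv"] = missing_from_dotenv(root / ".env", report["read"])
    return report


if __name__ == "__main__":
    r = run_sample()
    for key in ("undeclared", "unused", "missing_in_dotenv"):
        print(f"{key}: {sorted(r[key])}")
    for name, locs in sorted(r["read"].items()):
        print(f"  {name} read at {', '.join(locs)}")
```

Point audit() at the unpacked skill directory and missing_from_dotenv() at your real .env to get the same report for the package itself. A fallback chain such as os.getenv("PANDORA_TOKEN") or os.getenv("TELEGRAM_BOT_TOKEN_PANDA") shows up as two separate reads at the same line, which is exactly the pattern worth resolving by hand: decide which name you will set and leave the other unset, rather than pasting the same token under both.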


latest: vk975s5dbpybajsz1r2p7nf4501844ywe


Runtime requirements

Agent: Clawdis (any version)
Binaries: python3
Environment variables
BOT_TOKEN: Telegram Bot Token from @BotFather (per bot, defaults to TELEGRAM_BOT_TOKEN_PANDA)
TELEGRAM_BOT_TOKEN_PANDA: Telegram Bot Token for the panda helper bot
TELEGRAM_BOT_TOKEN_CYPHER: Telegram Bot Token for the cypher moderator bot
TELEGRAM_BOT_TOKEN_BUZZ: Telegram Bot Token for the buzz broadcaster bot
MINIMAX_API_KEY: MiniMax API Key for LLM (from minimax-portal.com)
CLAUDE_API_KEY: Optional: Anthropic Claude API Key for alternative LLM
APIYI_KEY: Optional: APIYI Key for alternative LLM
OPENAI_API_KEY: Optional: OpenAI API Key for alternative LLM
