ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Channels Setup

v1.0.0

Guide to set up and configure IM channels(Telegram, Discord, Slack, Feishu, Dingtalk) for OpenClaw.

0· 525·32 current·33 all-time
bypeter@petopagi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill's name/description (channels setup) matches the instructions: it shows how to enable/configure Telegram, Discord, Slack, Feishu, and Dingtalk via the openclaw CLI or by editing openclaw.json. Requiring channel tokens and app secrets in configuration is expected for this purpose.
Instruction Scope
Most instructions stay on-task (setting config keys and enabling channels). However the SKILL.md references absolute root paths (/root/.nvm/nvm.sh, /root/.openclaw/..., /root/.local/share/pnpm/...) and suggests running ls against those paths. Those references assume a specific install location and root user context and could cause confusion or unnecessary access attempts; the file-edit and restart steps manipulate local config and services as expected for channel setup.
Install Mechanism
There is no install specification and no code files — this is instruction-only, so nothing will be downloaded or written by the skill itself. This is the lowest-risk install model.
Credentials
The skill does not declare required environment variables but instructs you to provide sensitive tokens/secrets (botToken, appSecret, clientSecret, gateway tokens/passwords) in the OpenClaw config files or via the openclaw CLI. That is proportionate to the task, but you should be aware these are sensitive credentials and the SKILL.md assumes you will place them in local config (not environment variables).
Persistence & Privilege
always is false and the skill is user-invocable only. The skill does instruct restarting the gateway (openclaw gateway restart), which changes system state, but it does not request persistent privileges or attempt to modify other skills' configurations.
Assessment
This guide is generally coherent for setting up IM channels, but review a few things before proceeding: 1) Confirm you have the openclaw CLI installed and understand where it is installed (the SKILL.md assumes /root and nvm); run commands as a non-root user when possible. 2) The instructions ask you to add bot tokens/app secrets into OpenClaw config — treat those as sensitive: store them in a secure location, restrict file permissions, and avoid pasting secrets into chats. 3) The doc references root-specific paths (/root/.nvm/nvm.sh, /root/.openclaw, /root/.local/...), which may not exist on your system; update paths to your actual user home or the correct install locations. 4) The skill tells the agent to restart the gateway; ensure you want that service restarted and notify impacted users before doing so. 5) If you need higher assurance, open the referenced README files directly from your installation (not from this guide) and validate that the commands modify only the intended OpenClaw config files.

Like a lobster shell, security has layers — review code before you run it.

latestvk970k9jjwrax4vvtx1dg07eych81vbp7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments