AEGIS
ReviewAudited by ClawScan on May 10, 2026.
Overview
AEGIS appears to be a coherent crisis-monitoring skill with disclosed scheduling, source fetching, local storage, and optional Telegram/LLM integrations; no artifact-backed malicious behavior was found.
AEGIS does not show artifact-backed malicious behavior, but install it with caution appropriate for a life-safety alerting tool: test manually before enabling cron, protect tokens and local config files, use local LLM mode if privacy matters, and verify urgent guidance against official emergency sources.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the skill can repeatedly run and publish crisis alerts or briefings without per-message confirmation.
The skill instructs users to create recurring automated jobs that run the scanner and can lead to alert delivery. This is expected for a monitoring tool, but it is autonomous once enabled.
openclaw cron add --every 15m --message "Run AEGIS scan: python3 <skill-dir>/scripts/aegis_cron.py"
Run scans manually first, enable only the cron jobs you actually want, keep the live feed disabled unless needed, and monitor early outputs before relying on automated alerts.
A bad or misleading source could influence an automated briefing or safety recommendation.
The skill’s agent-facing workflow depends on external news/OSINT content to produce actionable briefings. That is core to the purpose, but retrieved content can be wrong, manipulative, or adversarial.
Analyze raw news/intelligence data and assess threat relevance to the user's location
Cross-check urgent recommendations with official alerts, treat generated guidance as advisory, and add explicit prompt-injection/source-isolation safeguards if extending the skill.
If the bot token is exposed or over-permissioned, someone could post messages to the Telegram channel.
The optional Telegram integration uses credentials that can post to the configured channel. This is disclosed and purpose-aligned, but it grants account/channel authority.
AEGIS_BOT_TOKEN — Telegram bot token ... AEGIS_CHANNEL_ID — Telegram channel ID
Use a dedicated Telegram bot with minimal permissions, prefer environment variables over shared config files, protect the config directory, and revoke/rotate tokens if exposed.
A shared or backed-up machine could reveal the user’s location, monitoring interests, alert history, or configured channels.
The skill persists user location and alert preferences locally, along with scan state/log files. This is disclosed and useful for the skill, but it is privacy-sensitive in conflict-zone contexts.
Creates `~/.openclaw/aegis-config.json` with location, language, and alert preferences.
Restrict filesystem permissions, avoid storing secrets in shared directories, set AEGIS_DATA_DIR to a protected location if needed, and periodically clear logs/state if privacy matters.
Using a cloud LLM or Telegram integration may expose alert text, location context, or operational details to third-party services.
The optional cloud LLM path can send verification context to a configured provider. This is disclosed, but users should understand that crisis/location context may leave the local machine.
"provider": "openai", "endpoint": "https://openrouter.ai/api", "model": "meta-llama/llama-3-8b-instruct", "api_key": "sk-or-..."
Use local Ollama if privacy is important, review provider data-retention terms, and avoid sending sensitive personal details in configuration or monitored prompts.
A user or platform may not be warned up front that the skill depends on local Python/curl scripts.
The registry summary says no required binaries, while the skill documentation and _meta.json describe python3/curl script execution. This looks like under-declared metadata rather than hidden installation behavior.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Ensure python3 and curl are available before use, and prefer corrected registry metadata that matches SKILL.md and _meta.json.