Skill v0.1.0
ClawScan security
Life Control · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:30 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The SKILL.md expects repository scripts and Telegram bot credentials but the published skill contains no code, no declared environment variables, and no source/homepage — these mismatches make the package incoherent and risky until resolved.
- Guidance: Do not install or run this skill yet. The SKILL.md references local scripts and sensitive Telegram bot tokens, but the published package contains no code and declares no environment variables — this is an incoherence you should resolve before proceeding. Ask the publisher for: (1) the repository or homepage and a verifiable source; (2) the full list of files (scripts, routines, references/openclaw.md) and a signed release or commit hash; (3) an explicit list of required environment variables (names and intended use) and guidance for secure storage; and (4) a code review or at least the contents of bootstrap.sh and telegram-sender.sh so you can inspect what they do. If you must test, run it in an isolated environment (ephemeral VM/container) and never paste real bot tokens — create throwaway Telegram bots and test accounts. If the author cannot produce the missing files and a clear provenance, treat the skill as unsafe.
Review Dimensions
- Purpose & Capability (concern): The description says this orchestrates a Life Control CLI (bootstrap DB, register personas, wire Telegram bots, run routines). That purpose legitimately needs scripts and Telegram credentials, but the registry metadata lists no code files and no required env vars. The skill claims functionality that cannot be satisfied by the published package as-is.
- Instruction Scope (concern): SKILL.md instructs the agent to run local scripts (skills/life-control/scripts/bootstrap.sh, telegram-sender.sh), to export Telegram chat ID and bot tokens, and to load references/openclaw.md. Those instructions direct the agent to perform privileged actions (initialize DB, register agents, send Telegram messages) and to use sensitive credentials, yet the skill bundle contains no scripts or reference files. The instructions also suggest adding cron entries to schedule message delivery, which implies persistent scheduled execution and credential use. The instructions therefore overreach relative to the published artifact.
- Install Mechanism (concern): No install spec is provided (instruction-only), which would be fine if the skill were truly only instructions. However, SKILL.md depends on on-disk scripts and other repo files that are absent. This mismatch means following the instructions would fail or require fetching code from an unspecified source — a risky step if a user attempts to satisfy the missing pieces themselves.
- Credentials (concern): The runtime instructions explicitly require Telegram chat IDs and bot tokens (sensitive secrets), but the skill declares no required environment variables or primary credential. There is no guidance about where/how to store these secrets or how they will be used. Requesting messaging credentials is reasonable for the feature, but the omission from the declared requirements and lack of provenance for the scripts is a red flag for potential credential misuse or accidental leakage.
- Persistence & Privilege (note): always is false and autonomous invocation is allowed (platform default). The skill asks users to schedule cron jobs (persistent scheduled runs), which is consistent with its purpose but increases runtime exposure of any tokens used. There is no evidence the skill attempts to modify other skills or system-wide configs, but the absence of package files means any install/run would require manual actions outside the registry.
