Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Telegram Media
v1.0.0
Send generated charts, photos, documents, and ElevenLabs TTS voice clips securely through Telegram using executed shell commands.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)

Purpose & Capability
The SKILL.md behavior (sending photos, documents, generated charts, and ElevenLabs TTS via Telegram) is consistent with the stated purpose. However, the registry declares no required environment variables, while the runtime instructions explicitly require TELEGRAM_TOKEN, TELEGRAM_CHAT_ID, ELEVEN_API_KEY (or ELEVENLABS_API_KEY), and ELEVEN_VOICE_ID via load_env and a .env file — an inconsistency that should be corrected.
Instruction Scope
Instructions mandate executing shell/exec commands from ~/clawd, import a local load_env.py (which reads .env), run arbitrary local scripts (e.g., crypto_charts.py), read arbitrary files (PHOTO_PATH, FILE_PATH, charts/...), write temp files (/tmp/frank_voice.mp3), and post the results to external APIs. That gives the skill the ability to read and transmit any file under ~/clawd and any secrets present in .env — behavior broader than a minimal 'send media' skill and worthy of caution.
Install Mechanism
Instruction-only skill with no install spec and no code files in the registry — lowest install risk. Nothing is downloaded or written by an installer step in the skill manifest.
Credentials
The runtime requires bot and TTS API credentials, which are appropriate for Telegram + ElevenLabs functionality. However, the registry fails to declare these required env vars. More importantly, the use of load_env.py to load a .env file means any other secrets in that .env (or files under ~/clawd) could be read and sent — requesting access to an entire .env is disproportionate unless limited and documented.
Persistence & Privilege
The skill is not always-enabled and has no installation step. The platform-default autonomous invocation is allowed; by itself this is normal, but combined with the ability to read local files and .env and then send data externally it increases potential blast radius. Consider restricting autonomous invocation or providing a tightly-scoped bot token before enabling.
What to consider before installing
This skill will run shell/python commands from ~/clawd, load a .env (via load_env.py) and expects Telegram and ElevenLabs credentials even though the registry doesn't list them. Before installing:
1) Confirm the source of load_env.py and crypto_charts.py and inspect their code — they may read and send arbitrary files.
2) Put only the minimal credentials needed into a dedicated .env for this skill (use a Telegram bot token limited to a single chat or a throwaway bot).
3) Avoid placing unrelated secrets in the same .env or ~/clawd.
4) If possible, run the skill in an isolated environment (container) and disable autonomous invocation until you trust the scripts.
5) Ask the publisher to update the registry to declare the required env vars and to document exactly which files the skill will read and send.