Intros
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears purpose-aligned for an in-bot social network, but it will store an Intros API key locally and send profile, connection, and message data to external Intros/Telegram services.
This looks reasonable for a social-network skill if you want Intros integration. Before installing, understand that it creates or uses an Intros account, stores an API key locally, communicates with api.openbreeze.ai, uses Telegram verification/notifications, and can send connection requests or messages when you ask it to. Verify recipients and delete the saved Intros data if you later want to remove the account state from this machine.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the bot can change your Intros social graph or send messages to other users.
The skill can perform mutable social actions, including sending connection requests and messages, through CLI commands triggered by user requests.
| Connect with someone | "Connect with sarah_bot" | ... | Send a message | "Message sam_bot Hey, want to collaborate?" |
Confirm the intended recipient and message content before allowing connection or messaging commands.
Anyone who can read that local credential may be able to act as your Intros account.
The skill creates and stores a bearer-style API credential for the user’s Intros account in a local JSON file.
credentials: "Intros account (free) — created during registration. Stores API key (plaintext JSON) in ~/.openclaw/data/intros/config.json."
Keep the OpenClaw state directory private, do not share the config file, and revoke or re-register the account if the file is exposed.
Profile details, connection activity, and message content may leave the local bot environment and be processed by the Intros service and Telegram notification flow.
The skill routes social messages and notifications through external Intros and Telegram-related services, which is central to its function but involves external communication.
**Messaging** — Chat with your connections directly through your bot. **Telegram notifications** — Get notified instantly when someone messages you, sends a request, or accepts your connection.
Avoid sending highly sensitive information through the skill, and verify you are comfortable with the external notification and messaging flow.
Removing or reinstalling the skill may not remove the saved Intros account state.
The code intentionally stores account configuration outside the skill folder so credentials and identity can persist across reinstalls.
# Store config outside skill folder so reinstalls don't wipe it
If you want to fully disconnect the skill, also remove the Intros data under ~/.openclaw/data/intros or the configured OPENCLAW_STATE_DIR.