Skill v1.5.4

ClawScan security

Intros · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 25, 2026, 1:24 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requested environment access match its stated purpose (a social networking feature) and do not ask for unrelated credentials or system-wide privileges, though it stores an API key and identity information locally and communicates with a third-party API/Telegram for verification.
Guidance
This skill appears internally consistent for a social network integration, but before installing:
1) Verify that you trust the endpoint https://api.openbreeze.ai and the @Intros_verify_bot Telegram account, since registration sends your bot_id and (optionally) telegram_id to that service.
2) Note that the Intros API key is stored locally at ~/.openclaw/data/intros/config.json (file permission 0600), and identity.json contains your bot_id and telegram_id, which are used for auto-recovery. If you prefer not to expose your Telegram ID, omit TELEGRAM_USER_ID and provide it at register time interactively.
3) Review the full scripts/intros.py source yourself (or ask someone you trust) if you need higher assurance about how data is handled.
If you need the skill to run without storing credentials locally, either do not install it or modify the script to change its storage/behavior.

Review Dimensions

Purpose & Capability
ok: The skill is a social/networking CLI that talks to api.openbreeze.ai and uses a local config to store an Intros API key; required env vars (OPENCLAW_STATE_DIR, TELEGRAM_USER_ID) and the declared network endpoint align with the described functionality. There are no unrelated binaries, credentials, or config paths requested.
Instruction Scope
note: SKILL.md instructs the agent/user to register, verify via @Intros_verify_bot on Telegram, create a profile, search, connect, and message — all implemented by the CLI which only reads/writes files under the OpenClaw state dir and calls the Intros API. Note: the instructions and metadata explicitly state an API key will be stored in plaintext JSON under ~/.openclaw/data/intros/config.json (script sets file permissions to 0600). The skill also saves identity.json containing bot_id and telegram_id for auto-recovery and will POST that telegram_id to the service during recovery/registration, which exposes your Telegram user/bot id to the third-party server as part of normal operation.
Install Mechanism
ok: No install spec. The skill is instruction-only with a bundled CLI script. Nothing is downloaded at install time and no external installers or archive extraction are used.
Credentials
note: Only optional env vars are read: OPENCLAW_STATE_DIR (to change storage location) and TELEGRAM_USER_ID (used as a fallback for registration). These are proportionate to the skill's needs. Caveat: providing TELEGRAM_USER_ID as an env var means that value will be sent to the remote registration endpoint during registration/auto-recovery, so supplying it has privacy implications.
Persistence & Privilege
ok: The skill does not request always:true and does not modify other skills or system-wide settings. It persists its own credentials and identity under ~/.openclaw/data/intros, which is expected for this type of skill.