TELOS
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
TELOS mostly matches its local personal-notes purpose, but its restore script has unsafe path handling that could overwrite or expose local files if invoked with crafted arguments.
Only install TELOS if you are comfortable storing personal life notes locally for AI use. Avoid installing the optional hook unless you want automatic context loading every session. Be especially careful with backup/restore commands, and prefer waiting for a version that validates restore paths before using restore-file with any untrusted or manually typed names.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted restore command could copy unexpected local files into TELOS or overwrite files outside the TELOS directory, potentially exposing or damaging local data.
The restore-file command uses the CLI-supplied filename and version arguments directly in filesystem paths, without validating them against the allowed TELOS files or ensuring that the resolved paths stay under TELOS_DIR/BACKUPS_DIR.
const backupPath = join(BACKUPS_DIR, version); ... const targetPath = join(TELOS_DIR, filename); ... cpSync(backupPath, targetPath);
Validate restore filenames against the approved TELOS file list, reject path separators and '..', resolve paths and require they remain inside the intended directories, and require explicit confirmation for restore operations.
Your personal goals, beliefs, and other notes may strongly influence future agent responses, and sensitive entries may be included in model context when the hook is enabled.
User-editable TELOS files are persisted locally and injected back into the agent as system-level context. This is purpose-aligned and disclosed, but the content should be treated as sensitive data, not trusted instructions.
ctx.inject.push({ role: "system", content: `[TELOS Context — User's life framework]\n\n${context.join("\n\n")}` });
Use the hook only if you want persistent personalization, keep secrets out of TELOS files, and add safeguards so TELOS content is explicitly treated as user data rather than instructions.
If you install the hook, TELOS context may be loaded automatically even when you do not explicitly ask for it in that session.
The skill documents optional persistent hook behavior that continues across sessions after installation. It is disclosed and opt-in, so this is a notice rather than a malicious persistence finding.
Installing the hook enables automatic context injection at every session start. This is intentional behavior — opt in only if you want TELOS context always available.
Install the hook only if you want always-on TELOS context, and remove it from the OpenClaw hooks directory if you want to disable persistent behavior.
Users may not realize before installation that local script execution requires bun/node and that the optional hook must be installed separately.
The registry metadata under-declares runtime needs compared with SKILL.md, which lists bun and node for scripts/hooks. The behavior is disclosed in SKILL.md, but metadata should match.
Required binaries (all must exist): none ... Install specifications: No install spec
Declare bun and node in registry metadata and document the hook installation as an explicit optional setup step.
