TELOS
Advisory
Audited by VirusTotal on Mar 26, 2026.
Overview
Type: OpenClaw Skill
Name: telos
Version: 1.0.2
The 'telos' skill is a personal life-management framework (Life OS) that allows the AI to maintain context on a user's goals, beliefs, and missions. It manages Markdown files locally in the user's workspace and includes utility scripts for initialization, updates, and backups (scripts/init-telos.ts, update-telos.ts, backup-telos.ts). While the skill handles sensitive personal data and uses a hook (hooks/telos-context.js) to inject this data into the system prompt, its behavior is transparently documented, entirely local, and strictly aligned with its stated purpose. The presence of security-focused updates in the CHANGELOG.md, such as restricting the automatic injection of sensitive 'trauma' data, further supports a benign classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted restore command could copy unexpected local files into TELOS or overwrite files outside the TELOS directory, potentially exposing or damaging local data.
The restore-file command uses CLI-supplied filename and version directly in filesystem paths without validating against allowed TELOS files or ensuring resolved paths stay under TELOS_DIR/BACKUPS_DIR.
const backupPath = join(BACKUPS_DIR, version); ... const targetPath = join(TELOS_DIR, filename); ... cpSync(backupPath, targetPath);
Validate restore filenames against the approved TELOS file list, reject path separators and '..', resolve paths and require they remain inside the intended directories, and require explicit confirmation for restore operations.
Your personal goals, beliefs, and other notes may strongly influence future agent responses, and sensitive entries may be included in model context when the hook is enabled.
User-editable TELOS files are persisted locally and injected back into the agent as system-level context. This is purpose-aligned and disclosed, but the content should be treated as sensitive data, not trusted instructions.
ctx.inject.push({ role: "system", content: `[TELOS Context — User's life framework]\n\n${context.join("\n\n")}` });
Use the hook only if you want persistent personalization, keep secrets out of TELOS files, and add safeguards so TELOS content is explicitly treated as user data rather than instructions.
If you install the hook, TELOS context may be loaded automatically even when you do not explicitly ask for it in that session.
The skill documents optional persistent hook behavior that continues across sessions after installation. It is disclosed and opt-in, so this is a notice rather than a malicious persistence finding.
Installing the hook enables automatic context injection at every session start. This is intentional behavior — opt in only if you want TELOS context always available.
Install the hook only if you want always-on TELOS context, and remove it from the OpenClaw hooks directory if you want to disable persistent behavior.
Users may not realize before installation that local script execution requires bun/node and that the optional hook must be installed separately.
The registry metadata under-declares runtime needs compared with SKILL.md, which lists bun and node for scripts/hooks. The behavior is disclosed in SKILL.md, but metadata should match.
Required binaries (all must exist): none ... Install specifications: No install spec
Declare bun and node in registry metadata and document the hook installation as an explicit optional setup step.
