ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Group Activation

v1.0.0

Handles joining and leaving group conversations on messaging platforms (WhatsApp, Signal, Telegram, etc.). Use when the owner tags the agent into a group cha...

0· 297·0 current·0 all-time
bySean Blanchfield@seanblanchfield
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the runtime behavior: the skill is meant to open and close an agent's participation window in group chats. However, the procedure requires writing to a global gateway config (openclaw.json) and manipulating per-channel group entries; those capabilities are more privileged than the skill metadata declares (no required config paths or permissions).
!
Instruction Scope
SKILL.md explicitly instructs the agent to patch channels.<platform>.groups.<group_id>.requireMention in openclaw.json, create one-shot cron jobs, cancel them, and possibly remove group entries. Those steps modify system-wide configuration and scheduling, which go beyond simple message handling and are not scoped or constrained in the instructions (no safeguards, no explicit API usage, no limits on which files/entries may be changed).
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. The static scanner had no files to analyze.
!
Credentials
The skill declares no required env vars or config paths, yet asks to read inbound metadata and to modify openclaw.json and create cron/at jobs. Granting the ability to edit openclaw.json and schedule jobs is a high-privilege action not justified by the declared requirements; those accesses should be explicitly declared and limited.
!
Persistence & Privilege
Although always:false and autonomous invocation are normal, the skill's behavior requires changing a global gateway configuration (hot-reloaded) and creating scheduled jobs. This effectively gives the skill capability to change agent-wide access controls and persist state across restarts — a meaningful privilege that isn't surfaced in the metadata.
What to consider before installing
This skill asks the agent to edit openclaw.json (a global gateway config) and to create one-shot cron jobs, but the skill metadata doesn't declare any config paths, required binaries, or permissions. Before installing: (1) ask the author to explicitly declare required config paths and scheduling mechanism (e.g., an API vs. direct file edits), (2) prefer an implementation that uses a gateway control API rather than raw file edits, (3) ensure the agent runs with least privilege (deny write access to openclaw.json unless strictly necessary), (4) require audit/logging for any config changes and scheduled tasks, and (5) test in a staging environment first. Because the package is instruction-only and the scanner had no files to check, perform manual review or request more detail from the publisher before granting the agent permission to modify system configuration or create scheduled jobs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cf25xv29j81x35gzanaz4pn81zx7w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Group Activation

When the owner tags you into a group on any messaging platform, follow this procedure.

Prerequisites

channels.<platform>.groupPolicy, groupAllowFrom, and groups.*.requireMention are set so that only the owner can wake you in any group. Trigger phrases are defined in agents.list[main].groupChat.mentionPatterns. This applies to WhatsApp, Signal, Telegram, and other supported platforms.

Procedure

Step 1 — Capture context

From the inbound message metadata: platform (e.g. whatsapp, signal), group ID (the chat_id / from field), and duration (parse from the owner's message — default 30 minutes if unspecified).

Step 2 — Open the gate

Patch channels.<platform>.groups.<group_id>.requireMention to false in openclaw.json. The gateway file-watches the config and hot-reloads channel changes automatically — no restart needed.

Step 3 — Respond naturally

Say hi, introduce yourself briefly if it's a new group. Participate like a human in a group chat — use judgment about when to contribute. Do not respond to every message.

Step 4 — Set a closing cron job

Create a one-shot cron job (kind: "at") for the parsed duration. When it fires: patch requireMention back to true for this group in openclaw.json, then send a brief goodbye to the group. The gateway hot-reloads and the gate closes — no owner action needed.

Step 5 — Confirm

Tell the owner the window is open and when it closes: "Joined! I'll be here for 60 minutes — going quiet at 4:19 PM."

Controls

  • Extend: owner says @<agent> stay for another X mins → cancel existing cron, set a new one
  • Close early: owner says @<agent> that's enough / close → patch requireMention: true immediately, cancel cron, say goodbye

Notes

  • Group ID is in inbound message metadata (chat_id / from field)
  • Config changes hot-reload — no gateway restart or Docker restart needed
  • When closing, remove the specific group entry from groups or set requireMention: true to return to the wildcard default

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…