Skillv0.1.2

ClawScan security

Delete Agent With Telegram Group · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 21, 2026, 3:58 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally coherent: its instructions and included script only touch ~/.openclaw and user-home workspaces (with guards), require explicit confirmations, and do not request credentials or network access.
Guidance: This skill appears to do exactly what it says: run the dry-run first and inspect its JSON plan; confirm local deletion explicitly; the script will back up openclaw.json and jobs.json before overwriting and will only delete workspaces under your home when the folder name starts with "claw-". It does NOT automatically delete Telegram groups — SKILL.md instructs you to perform browser automation or manual deletion separately and to require an extra confirmation for that step. Before using: (1) run the provided dry-run and review the printed plan, (2) inspect the backup files it creates, (3) verify openclaw.json contents and other data you may want to keep, and (4) avoid running any separate browser automation unless you trust the tooling. If you need higher assurance, open the script yourself to confirm there are no unexpected network calls (there are none) and consider making offline copies of critical files before proceeding.

Purpose & Capability: okThe name/description (delete an agent and related local artifacts including Telegram routing config) aligns with the included script and SKILL.md: the script edits ~/.openclaw/openclaw.json, cron jobs, agent dir, and optional workspace removal. Nothing requested or included appears unrelated to that purpose.
Instruction Scope: noteSKILL.md enforces a 3-step destructive gate and instructs a dry-run first; the Python script implements those behaviors. The SKILL.md mentions Telegram group deletion via external browser automation/manual steps but does not include code to perform remote/browser control—this is an out-of-band action that correctly requires separate explicit user consent. Verify any browser automation you run independently.
Install Mechanism: okNo install spec (instruction-only with a bundled script). No downloads or package installs are performed by the skill, so no install-time code-fetch risk.
Credentials: okThe skill requests no environment variables, credentials, or config paths beyond standard home-dir file paths. The script only reads/writes files under the user's home (~/.openclaw) and optionally workspaces under the user's home with a claw-* name guard.
Persistence & Privilege: okThe skill is not always-enabled and does not request persistent system-wide privileges. It does modify only its own OpenClaw config files and writes backups in-place; that is expected for a deletion tool.