LINE Rich Messages
PassAudited by ClawScan on May 1, 2026.
Overview
This is an instruction-only LINE UI template skill with no code or credentials, but users should review its LINE plugin use, tappable buttons/links, and stale file-delivery references.
This skill appears safe to install if you want an instruction-only guide for richer LINE messages. Before use, verify your LINE plugin configuration, prefer narrower button scopes such as DM-only when possible, review any generated links/buttons, and ignore the README's file-delivery references unless you separately install and review a dedicated file-sharing workflow.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make messages easier to tap, including buttons that send text back or open a web link.
The skill documents LINE UI directives that can create tappable actions or external links. This is central to the skill's purpose, but labels, URLs, and any action-like buttons should be user-approved.
`[[buttons: Title | Description | BtnLabel1:action1, BtnLabel2:https://url.com]]` ... `action`: Sent back as a message. `https://...`: Opens the URL in the browser.
Use these directives for intended LINE UX only; verify URLs and require explicit confirmation for destructive or account-affecting actions.
Messages produced with this skill will use the LINE channel already configured in OpenClaw.
The skill depends on the user's configured LINE plugin/channel identity to send rich messages. The artifacts also state that tokens are not embedded, so this is expected delegated channel use rather than credential handling.
`requires`: { `plugins`: [`line`] } ... `Sending messages is handled by your OpenClaw LINE channel/plugin setup.`Install only in workspaces where the LINE channel is intentionally configured, and scope inline-button behavior to DMs or groups as appropriate.
A user or agent reading the README could be confused about whether file delivery is supported.
The manifest does not include `references/file-delivery.md`, and SKILL.md says file delivery was intentionally removed. This looks like stale or inconsistent documentation, not active exfiltration code.
`File Delivery SOP`: Integrated workflow for delivering files via Google Drive buttons. ... `references/file-delivery.md`: Google Drive integration guide.
Treat file delivery as out of scope for this skill unless a separate, reviewed, tightly scoped file-sharing skill is installed.