Skill v0.1.0

ClawScan security

Signallink · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 4, 2026, 5:02 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, runtime instructions, and required credentials are consistent with a webhook→Telegram router and do not request unrelated permissions or suspicious installs.
Guidance
This implementation appears to do exactly what it says: receive JSON webhooks, optionally validate a shared secret, format the data, and post messages via the Telegram Bot API. Before installing:
(1) Only provide TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID to trusted agents/services, and rotate the token if it is ever exposed.
(2) If you deploy publicly, set WEBHOOK_SECRET and ensure your endpoint is not open to the internet or is protected by firewall/ingress rules; otherwise anyone can POST to your webhook.
(3) Logs print incoming payloads; treat logs as sensitive and secure log storage.
(4) Run in an isolated environment (Docker recommended) and limit the bot's permissions (use a bot with only the needed scope).
(5) If you want extra assurance, review the referenced GitHub repo history and run the code locally to audit network calls during testing.

Review Dimensions

Purpose & Capability
ok · Name/description match the required binaries (python3, docker), environment variables (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID), and included FastAPI + Telegram client code. Nothing requested is unrelated to forwarding webhooks to Telegram.
Instruction Scope
ok · SKILL.md instructs the agent to collect the Telegram bot token/chat ID, configure .env, and run the service (Docker or Python). Runtime instructions and code only reference webhook payload handling, message formatting, and sending to Telegram; they do not instruct the agent to read unrelated files or exfiltrate data to other endpoints.
Install Mechanism
ok · No external installers or downloads are specified. The skill includes application source files and uses standard Python dependencies listed in requirements.txt; there are no extract-from-arbitrary-URL installs or unusual package hosts.
Credentials
note · Requested env vars are minimal and expected for the stated purpose (bot token, chat id; optional webhook secret and port). Note: TELEGRAM_BOT_TOKEN is sensitive. The app logs incoming payloads (logger.info), which can contain signal data; ensure logs and the deployed environment are protected and do not leak tokens or payloads.
Persistence & Privilege
ok · Skill does not request permanent platform privileges (its always flag is false). It does not attempt to modify other skills or system-wide agent settings.
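The two points a practitioner most needs to act on from the guidance above and from the Credentials note are the shared-secret check on the webhook and the payload/token logging. The following is an added example written for this review; it is not the skill's own code and does not reproduce its FastAPI handlers. It assumes the secret arrives in a request header named X-Webhook-Secret (the skill's real header name is not on this page), and it assumes a Telegram bot token is shaped like "<digits>:<35 url-safe characters>" for redaction purposes. It deliberately fails closed when WEBHOOK_SECRET is unset, which is stricter than the optional validation the scan describes, and it routes log lines through a filter so the bot token never lands in log storage even if a URL or payload is logged.

```python
"""Added example (not the skill's code): fail-closed shared-secret check and a
token-redacting logging filter for a webhook-to-Telegram router.

Assumptions (not taken from the page): the secret header is X-Webhook-Secret,
and a bot token looks like "<digits>:<url-safe secret part>".
"""
import hmac
import io
import json
import logging
import re
from typing import Mapping, Optional, Tuple
from urllib.parse import urlencode

# Assumed header carrying the shared secret; compared case-insensitively.
SECRET_HEADER = "x-webhook-secret"

# Assumed token shape: numeric bot id, colon, long url-safe secret. No word
# boundaries, because in the Bot API URL the token is glued to "bot".
TOKEN_RE = re.compile(r"\d{6,}:[A-Za-z0-9_-]{30,}")


def check_shared_secret(headers: Mapping[str, str], configured_secret: Optional[str]) -> bool:
    """True only if a secret is configured AND the request presents it.

    Fails closed: with no WEBHOOK_SECRET every request is rejected, so a
    publicly reachable endpoint cannot be driven by arbitrary POSTs.
    hmac.compare_digest avoids leaking the secret through timing.
    """
    if not configured_secret:
        return False
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get(SECRET_HEADER, "")
    return hmac.compare_digest(presented.encode(), configured_secret.encode())


def redact_tokens(text: str) -> str:
    """Mask anything shaped like a bot token, keeping only the bot id."""
    return TOKEN_RE.sub(lambda m: m.group(0).split(":")[0] + ":<redacted>", text)


class RedactingFilter(logging.Filter):
    """Redacts bot tokens in both the format string and its string args."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_tokens(str(record.msg))
        if isinstance(record.args, tuple):
            record.args = tuple(redact_tokens(a) if isinstance(a, str) else a for a in record.args)
        return True


def format_signal(payload: dict) -> str:
    """Turn a webhook JSON body into a short message using only allow-listed keys;
    unknown payloads are truncated so a hostile body cannot flood the chat."""
    fields = ("symbol", "action", "price")
    parts = [f"{k}={payload[k]}" for k in fields if k in payload]
    return " ".join(parts) if parts else json.dumps(payload, sort_keys=True)[:200]


def build_send_message_request(token: str, chat_id: str, text: str) -> Tuple[str, str]:
    """(url, body) for Bot API sendMessage. The token is part of the URL,
    which is exactly why request URLs must never be logged unredacted."""
    url = f"https://api.telegram.org/bot{token}/sendMessage"
    return url, urlencode({"chat_id": chat_id, "text": text})


def render_log_line(token: str, payload: dict) -> str:
    """Emit one INFO line through the redacting filter and return what a log
    sink would actually store (constructed in-memory sink)."""
    stream = io.StringIO()
    logger = logging.getLogger("webhook-demo")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    url, _ = build_send_message_request(token, "42", format_signal(payload))
    logger.info("posting %s to %s", json.dumps(payload, sort_keys=True), url)
    handler.flush()
    return stream.getvalue().strip()


if __name__ == "__main__":
    # Constructed sample values; this token is made up and not a real credential.
    demo_token = "123456789:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghi"
    print(check_shared_secret({"X-Webhook-Secret": "s3cret"}, "s3cret"))
    print(render_log_line(demo_token, {"symbol": "BTCUSDT", "action": "buy", "price": 61000}))
```

The filter is attached to the handler rather than the logger so it also covers records that reach that sink via propagation from child loggers; if the skill's own code logs the raw request body, the same filter can be added to its handlers without touching the handlers' call sites.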