Skill v0.1.3

ClawScan security

miso · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 22, 2026, 3:39 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (Telegram mission/status UI) is plausible, but the included scripts access undeclared local config paths (and require local bot credentials / assets) that the SKILL.md does not disclose — this mismatch warrants caution.
Guidance
This skill appears to implement a legitimate Telegram mission-control UI, but there are mismatches between what it declares and what the code does. Before installing or running it:

- Inspect /Users/shunsukehayashi/.openclaw/openclaw.json (or the equivalent OpenClaw config on your system). The helper script expects to read a Telegram bot token there; ensure you understand and control that file and token.
- Consider modifying miso_telegram.py to require an explicit environment variable (e.g., MISO_TELEGRAM_BOT_TOKEN) or to prompt for the token rather than reading a hardcoded path.
- Verify whether the GIF assets the scripts expect actually exist (assets/progress/* and agent GIFs). The package snapshot here doesn't list an assets/ folder.
- Be cautious about automatic state writes: the skill will create/update ~/.openclaw/workspace/skills/mission-control/.miso-state.json per its docs; if you don't want persistent files, run it in an isolated environment or sandbox.
- If you don't trust the author or don't want the skill automatically sending messages, do not provide bot credentials or run the scripts that contact Telegram.

If you want to proceed but reduce risk: run the code in a disposable environment, supply a test bot token with limited permissions, or change the code to log actions instead of performing network calls until you confirm behavior.

If you want higher confidence, ask the author to (1) remove hardcoded user paths, (2) explicitly declare required config paths/credentials in the registry metadata, and (3) require credentials via explicit env vars or an interactive config step.

Review Dimensions

Purpose & Capability
concern: The skill claims to be a Telegram-native mission-control template, which fits the included helper scripts. However, the code expects a user-specific OpenClaw config at /Users/shunsukehayashi/.openclaw/openclaw.json to read a Telegram bot token and uses a workspace path (~/.openclaw/...) for persistent state. The registry metadata declared no required config paths or credentials, so the code's real requirements are not reflected in the declared metadata.
Instruction Scope
concern: SKILL.md templates and runtime instructions focus on message format, reactions, and commands and do not instruct reading local files. In contrast, scripts and design docs show runtime behaviours that read/write local state (.miso-state.json under ~/.openclaw/...), call Telegram APIs, and expect asset GIFs. This is scope creep: the runtime artifacts access local configuration and filesystem state that the SKILL.md does not mention or justify.
Install Mechanism
note: There is no install spec (instruction-only), which is low-risk in general. The repository includes Python scripts that use third-party libs (Pillow in generate_progress_gif.py) and expect an assets/ directory (GIFs) that is not present in the manifest snapshot. No remote downloads are present. The absence of an install step means dependencies and assets may be missing at runtime and would need manual installation.
Credentials
concern: The skill declared no required environment variables or primary credential, yet miso_telegram.py reads a Telegram bot token from a hardcoded CONFIG_PATH (/Users/shunsukehayashi/.openclaw/openclaw.json). It also documents writing state under ~/.openclaw/workspace/skills/… and references a channel chatId (-1003700344593). Requesting credentials via a local config file (and not declaring that requirement) is disproportionate to the metadata and could cause unexpected access to sensitive tokens/configs.
Persistence & Privilege
concern: The design and docs explicitly describe persistent state (creating/updating ~/.openclaw/workspace/skills/mission-control/.miso-state.json) and pin/unpin operations in Telegram. Writing state to the user's OpenClaw workspace is reasonable for a mission-control skill, but this behavior was not declared in the skill metadata (required config paths: none). Additionally, the script contains a hardcoded absolute path with the author's username, which is non-portable and may inadvertently expose assumptions about local file layout.