Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

orchestration, telegram, cron

v1.0.0

Orchestrate a PM bot and one or more Dev bots in a private Telegram group. Use to turn plain chat commands like "DEV skill install <slug>" and "DEV cron add...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kiril-shturman/pm-dev-orchestrator.

Prompt preview (Install & Setup):
Install the skill "orchestration, telegram, cron" (kiril-shturman/pm-dev-orchestrator) from ClawHub.
Skill page: https://clawhub.ai/kiril-shturman/pm-dev-orchestrator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pm-dev-orchestrator

ClawHub CLI


npx clawhub@latest install pm-dev-orchestrator

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The SKILL.md and scripts implement a Dev-bot executor for Telegram commands (skill and cron management) which aligns with the skill name/description. However the registry lists no required env vars/configs while SKILL.md clearly requires GROUP_CHAT_ID, PM_FROM_ID and DEV_BOT_TOKEN and also instructs edits to ~/.openclaw/openclaw.json and restarting the gateway — a metadata vs. runtime-config mismatch that should have been declared.
Instruction Scope
Instructions are narrowly scoped to reading Telegram group messages, allowlisting the PM sender, and invoking local CLIs (clawhub, openclaw cron). That matches the stated purpose. Caveats: the runtime will execute local CLI commands (which may install/modify code on disk) and capture CLI output (the script truncates and emits CLI output back as chat replies), so CLI outputs could inadvertently reveal secrets or sensitive information unless operators ensure CLI behavior is safe.
Install Mechanism
No install spec — instruction-only plus a small scaffold script. Nothing is downloaded from external URLs or installed automatically by the skill package itself, so there is no immediate supply-chain install risk from this bundle.
Credentials
The SKILL.md demands a Telegram bot token (DEV_BOT_TOKEN) and numeric IDs (GROUP_CHAT_ID, PM_FROM_ID) and suggests writing to ~/.openclaw/openclaw.json; yet the registry metadata declares no required env vars or config paths. DEV_BOT_TOKEN is a sensitive credential and should have been declared as primaryEnv. The script also optionally uses OPENCLAW_WORKSPACE and writes a temp JSON file into the workspace — these filesystem accesses are proportional to the task but should be explicitly declared.
Persistence & Privilege
The skill does not request 'always: true' and does not attempt to alter other skills' configs. It instructs editing the OpenClaw gateway config (~/.openclaw/openclaw.json) which is appropriate for enabling Telegram allowlisting but is a privileged operation and should be performed carefully. Autonomous invocation of commands is part of intended behavior when the Dev bot is configured to run CLI actions.
What to consider before installing
Before installing or running this skill, consider the following:

  • Metadata mismatch: The registry declares no required env vars, but SKILL.md requires GROUP_CHAT_ID, PM_FROM_ID and DEV_BOT_TOKEN and asks you to edit ~/.openclaw/openclaw.json. Treat DEV_BOT_TOKEN as a sensitive secret — the package should have declared it.
  • Trust boundary: This setup lets a trusted PM bot trigger local CLI commands (clawhub install/update, openclaw cron add/run). If PM_FROM_ID or group configuration is wrong or spoofed, an attacker could cause the Dev server to install arbitrary skills or run cron jobs. Only enable this in a private, well-controlled group and verify PM_FROM_ID carefully.
  • CLI outputs may leak secrets: The scaffold returns CLI stdout/stderr (truncated). Ensure clawhub/openclaw commands do not print secrets in outputs before forwarding replies into chat.
  • Review installed skills: clawhub install pulls and installs third-party skill code that will run on your server. Consider using an isolated environment or manual review process for newly installed skills.
  • Filesystem writes: The script writes temporary job JSON into the workspace and suggests editing openclaw config. Back up configs and ensure workspace path permissions are appropriate.
  • Use the included script only for testing: scripts/dev_executor.py is a scaffold that reads stdin or prints parse results; it does not itself integrate with Telegram APIs (intentionally). Integrate only via controlled wrappers and prefer OpenClaw's own gateway allowlist mechanism rather than running an always-on unreviewed daemon.

If you want to proceed: ask the author to update the package metadata to declare the required credentials (mark DEV_BOT_TOKEN as primaryEnv), and consider performing an audit of any ClawHub packages you allow the Dev bot to install. If you want to be safer, run the Dev bot in an isolated VM/container and restrict network/volume access.

Like a lobster shell, security has layers — review code before you run it.

179 downloads
0 stars
1 version
Updated 20h ago
v1.0.0
MIT-0

pm-dev-orchestrator

Set up a PM bot (planner) that issues structured commands in a private Telegram group, and a Dev bot (executor) that runs those commands on its own server.

This skill is written for the Dev bot (executor). It contains:

  • a strict, parseable command language that PM can post into the group
  • the Dev bot behavior contract (what to execute, what to ignore)
  • safe defaults to avoid loops / spam / privilege escalation

Core idea

  • PM speaks natural Russian to the human.
  • PM posts strict commands into a private group.
  • Dev bot (OpenClaw) reads that group and executes only commands:
    • authored by PM bot (numeric from.id)
    • inside the allowed group chat id
    • with strict prefix: DEV

No extra polling bot is needed: Dev bot is just an OpenClaw instance connected to Telegram. When it receives a group message, it parses and runs the allowlisted actions.

Required config values (fill these)

  • GROUP_CHAT_ID — Telegram group chat id (e.g. -5259247075 or -100...).
  • PM_FROM_ID — Telegram numeric id of the PM bot. Example from our setup: 7790959648.
  • DEV_BOT_TOKEN — BotFather token for the Dev bot.

Dev bot: OpenClaw Telegram group allowlist

In ~/.openclaw/openclaw.json on the Dev server, set:

{
  "channels": {
    "telegram": {
      "enabled": true,
      "botToken": "<DEV_BOT_TOKEN>",
      "dmPolicy": "allowlist",
      "allowFrom": [],
      "groupPolicy": "allowlist",
      "groupAllowFrom": [<PM_FROM_ID>],
      "groups": {
        "<GROUP_CHAT_ID>": {}
      }
    }
  }
}

Restart gateway:

openclaw gateway restart

Command format (PM → Dev in the group)

All executable commands must be a single line starting with the prefix "DEV " (DEV followed by a space).

Skill management

  • DEV skill install <slug>
  • DEV skill update <slug>
  • DEV skill search <query>
  • DEV skill list

Rules:

  • <slug> must be a ClawHub slug like claw-guru or StaticAI/android-adb.
  • Installs into: ~/workspace/skills (OpenClaw workspace).

Cron management

  • DEV cron list
  • DEV cron add every=10m name="dm-check" message="..."
  • DEV cron add cron="*/5 * * * *" name="health" message="..."
  • DEV cron enable id=<jobId> on|off
  • DEV cron remove id=<jobId>
  • DEV cron run id=<jobId>

Notes:

  • message=... becomes the agentTurn prompt for the cron job (isolated).

Dev executor (recommended): implement as Dev bot behavior (no extra daemon)

Recommended: do not run an extra process. Instead, configure the Dev bot’s behavior to:

  1. Ignore everything except DEV ... commands.
  2. For allowed commands, run the corresponding local CLI (clawhub / openclaw cron ...).
  3. Reply with a short, machine-readable status.

Dev bot behavior contract (copy into Dev bot system instructions)

When you receive a Telegram group message:

  • If chat.id != GROUP_CHAT_ID: ignore.
  • If from.id != PM_FROM_ID: ignore.
  • If text does not start with "DEV " (DEV followed by a space): ignore.

Otherwise parse and execute.

Output format (reply in group):

  • Success: OK <summary>
  • Failure: ERR <reason>

Keep it under ~10 lines.

Optional script

scripts/dev_executor.py is included as a parser/executor scaffold for testing, but the primary path is the Dev bot behavior above.

Safety rules (non-negotiable)

  • Never execute arbitrary shell from chat.
  • Only allow commands listed above.
  • Only accept from PM_FROM_ID in GROUP_CHAT_ID.
  • Never print secrets/tokens in chat.
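
The behavior contract and safety rules above, as an added example (not the skill's own code and not scripts/dev_executor.py): a strict parser that silently ignores messages failing the chat, sender or prefix checks and returns a validated command structure rather than a shell string. The id values, the patterns for job id, interval and job name, and the function names are assumptions made for illustration.

```python
import re
import shlex

GROUP_CHAT_ID = -1001234567890  # constructed placeholder
PM_FROM_ID = 111111111          # constructed placeholder
SLUG = re.compile(r"([A-Za-z0-9][A-Za-z0-9_-]*/)?[A-Za-z0-9][A-Za-z0-9_-]*")
ARG = {"id": r"[A-Za-z0-9_-]{1,64}", "every": r"[0-9]{1,4}[smhd]", "cron": r"\S+( \S+){4}",
       "name": r"[A-Za-z0-9_-]{1,64}", "message": r".{1,500}"}  # id/every/name shapes are assumptions

def kv(tokens, allowed):
    """Parse key=value tokens; reject unknown, repeated or malformed ones."""
    out = {}
    for tok in tokens:
        key, _, val = tok.partition("=")
        if key not in allowed or key in out or not re.fullmatch(ARG[key], val):
            raise ValueError("bad argument")
        out[key] = val
    return out

def parse_dev(update):
    """Return None (ignore), ("OK", group, action, args) or ("ERR", reason)."""
    msg = update.get("message") or {}
    text = msg.get("text") or ""
    ids = ((msg.get("chat") or {}).get("id"), (msg.get("from") or {}).get("id"))
    if ids != (GROUP_CHAT_ID, PM_FROM_ID) or not text.startswith("DEV ") or "\n" in text:
        return None
    try:
        tokens = shlex.split(text[4:])  # tokenise only; nothing is handed to a shell
        cmd, rest = tuple(tokens[:2]), tokens[2:]
        if cmd in (("skill", "install"), ("skill", "update")) and len(rest) == 1 and SLUG.fullmatch(rest[0]):
            args = {"slug": rest[0]}  # SLUG cannot start with "-", so it is never read as an option
        elif cmd == ("skill", "search") and rest and not any(t.startswith("-") for t in rest):
            args = {"query": " ".join(rest)}
        elif cmd in (("skill", "list"), ("cron", "list")) and not rest:
            args = {}
        elif cmd == ("cron", "add"):
            args = kv(rest, {"every", "cron", "name", "message"})
            if ("every" in args) == ("cron" in args) or not args.keys() >= {"name", "message"}:
                raise ValueError("bad cron add arguments")
        elif cmd == ("cron", "enable") and len(rest) == 2 and rest[1] in ("on", "off"):
            args = {**kv(rest[:1], {"id"}), "state": rest[1]}
        elif cmd in (("cron", "remove"), ("cron", "run")) and len(rest) == 1:
            args = kv(rest, {"id"})
        else:
            raise ValueError("command not allowlisted")
    except ValueError as exc:
        return ("ERR", str(exc))
    return ("OK", *cmd, args)
```

When the result is mapped to a local CLI call, build an argument list and run it without a shell, so that validated values are passed as single arguments.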

Troubleshooting

  • If Dev bot is silent: check group allowlist in config (groupAllowFrom + groups) and restart gateway.
  • If PM_FROM_ID unknown: on Dev server run openclaw logs --follow, make PM bot send a message, read from.id.
