Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Telegram Contract Ops
Version v1.0.1
Automate Vietnamese contract creation and eID intake via Telegram by parsing inputs, OCRing ID images, generating .docx contracts, and routing workflows by g...
by Vĩnh Tâm (@vt-mmm)
License: MIT-0. Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The scripts implement exactly what the description promises (Telegram bot flows, OCR via Apple Vision, parsing eID fields, mapping to a docx generator). That functionality legitimately needs access to Telegram and local runtimes. However the manifest/registry metadata declares no required env vars or binaries even though the code depends on them, which is an incoherence to flag.
Instruction Scope
The SKILL.md describes only the bot, Plan B/Plan C flows, and deployment steps; it instructs the operator to keep tokens and group IDs out of the packaged skill. The runtime instructions and references are scoped to the stated task and do not ask the agent to read unrelated system secrets. (They do, however, instruct operators to create local .env files with sensitive tokens — which is expected for a Telegram bot.)
Install Mechanism
No install spec (instruction-only from registry) is lower risk, and the skill's files are bundled as scripts rather than fetching remote code. That's reasonable. But the code executes local subprocesses (python3, node, swift) without declaring those runtime binaries in the registry, creating a platform/config mismatch that should be fixed.
Credentials
The package metadata lists no required environment variables, yet the bot and scripts clearly require TELEGRAM_BOT_TOKEN, TELEGRAM_CONTRACT_CHAT_ID / TELEGRAM_MANAGEMENT_CHAT_ID, PLAN_B_TEMPLATE_DOCX, PLAN_B_OUTPUT_DIR and rely on runtime PATH entries for node/python3/swift. This omission is a meaningful incoherence: required secrets are used at runtime but not declared, preventing an accurate vetting of the skill's claimed needs.
Persistence & Privilege
The skill stores state and artifacts under the installation working directory (.state/, plan-b/output, temp OCR JSON files). It does not request elevated system privileges or force installation (always:false). The persistent artifacts can contain sensitive PII (ID images, OCR text, mapped JSON), so operators should ensure file permissions and rotation/cleanup policies.
What to consider before installing
This skill appears to do what it says (Telegram bot + OCR + docx generation), but there are important inconsistencies to resolve before installing:
- The package metadata lists no required env vars or binaries, yet the code requires TELEGRAM_BOT_TOKEN, TELEGRAM_CONTRACT_CHAT_ID, TELEGRAM_MANAGEMENT_CHAT_ID, PLAN_B_OUTPUT_DIR, PLAN_B_TEMPLATE_DOCX and depends on node, python3, and (for OCR) swift/Apple Vision. Treat those as required secrets/runtimes.
- Review all scripts locally before running. Pay attention to: execFileSync/child_process calls (the code runs python and swift), file write paths (.state/, plan-b/output, temp .ocr.json), and the Telegram usage (it calls Telegram API directly). These are expected, but verify paths and token usage.
- Fix or override hard-coded defaults before deployment: the Python generator contains defaults pointing at /Users/vtammm/.openclaw/workspace which look like developer-specific paths — change these to appropriate, isolated directories so files aren't written into unexpected home directories.
- Limit bot token scope and group membership. Use a dedicated Telegram bot token with minimal privileges, add the bot only to intended groups, rotate the token after setup, and store tokens in a local, access-controlled .env file (not checked into source control).
- Protect PII and artifacts. OCR outputs, ID images, and mapped JSON contain sensitive personal data; run the skill on a machine with disk encryption, set restrictive file permissions on output/state directories, and implement a cleanup/retention policy.
- If you need Plan C OCR on non-macOS, the repository warns the Swift/Apple Vision OCR is macOS-only. Replace or audit any alternate OCR engine before enabling it.
If you trust the author and will run the skill in a controlled environment after making the above changes (declare required env vars and runtime binaries in your deployment policy, correct default paths, and secure tokens/artifacts), the code itself is consistent with its stated purpose. If you cannot validate or edit the code and environment, avoid installing it on production systems.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- scripts/plan-b-telegram-to-docx.js:154: shell command execution detected (child_process).
- scripts/telegram-planb-bot.js:75: shell command execution detected (child_process).
- scripts/telegram-planb-bot.js:7: environment variable access combined with network send.
- scripts/telegram-planb-bot.js:22: file read combined with network send (possible exfiltration).
