clawpet

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent virtual pet skill, with noteworthy but disclosed reliance on an external GitHub CLI and an image-to-Telegram workflow.

Before installing, make sure you trust the GitHub clawpet package and that sending generated pet images through Telegram is what you want. The included shell wrapper itself is small and straightforward, but the main pet logic and image-generation helper are external to the reviewed files.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Pet commands may execute code fetched from the external GitHub repository rather than only the bundled script.

Why it was flagged

If the clawpet binary is not already installed, the wrapper runs the CLI from a GitHub repository without pinning a commit or release. This is central to the skill and disclosed, but it means users trust code outside the reviewed artifact set.

Skill content

REPO_URL="git+https://github.com/yazelin/clawpet.git" ... exec uvx --from "$REPO_URL" clawpet "$@"

Recommendation

Use this only if you trust the referenced repository; prefer installing a reviewed, pinned version or commit if available.

What this means

A pet-image request can generate a local file and send it through Telegram if those tools and paths are available.

Why it was flagged

For image requests, the skill instructs the agent to execute another local image-generation script and then send the resulting file through Telegram. This fits the stated image-sending purpose, but it chains tools and creates an external send action.

Skill content

uv run /home/yaze/.npm-global/lib/node_modules/openclaw/skills/nano-banana-pro/scripts/generate_image.py ... message(action="send", channel="telegram", media="/home/yaze/.openclaw/workspace/YYYY-MM-DD-HH-MM-pet-name.png"

Recommendation

Confirm that Telegram is the intended delivery channel and adjust hard-coded paths or require confirmation before sending media if that is not expected.