Back to skill
Skillv1.0.1
ClawScan security
Teamgram MTProto Protocol · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 15, 2026, 3:38 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill is a documentation/knowledge-only reference about Teamgram's MTProto layer and its declared content, requirements, and instructions are internally consistent with that purpose.
- Guidance
- This skill is reference documentation only and appears coherent with its stated purpose. Before relying on it in a production environment, verify the referenced GitHub repository and specific code paths yourself (the SKILL.md points to teamgram-server on GitHub) and audit any server deployment for proper key storage, network exposure, and database access. If you plan to deploy Teamgram Server, follow your normal security review: confirm license compatibility, review auth_key handling in the actual source code, and avoid pasting secrets into any third-party skills or chat inputs. If you need the agent to fetch or run code from the repository, treat that as a separate action and review the code and network permissions first.
Review Dimensions
- Purpose & Capability
- okName/description match the content: it's a reference describing handshake, AES-IGE decryption, QuickAck, auth_key caching, and message forwarding. No unrelated credentials, binaries, or capabilities are requested.
- Instruction Scope
- okSKILL.md is strictly documentation and references code paths and runtime components for operator context. It does not instruct the agent to read local files, access credentials, or call external endpoints beyond referencing the public GitHub repo.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only so nothing is written to disk or fetched at install time.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The runtime component table merely documents what Teamgram Server deployments normally use (MySQL, Redis, etc.) and does not request access to them.
- Persistence & Privilege
- okSkill is not forced-always and does not request elevated persistence or modify other skills/system settings. Autonomous invocation is enabled (default) but that is normal for user-invocable skills and not problematic here given the documentation-only nature.