Exposed secret literal
Critical
- Finding
- File appears to expose a hardcoded API secret or token.
- Skill content
password: [REDACTED],
Telegram Chat Summary
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a real Telegram summarizer, but setup can change global OpenClaw tool permissions and the plugin handles Telegram sessions/messages on a background schedule.
Install only if you trust this plugin with your Telegram account and chat contents. Before use, inspect the flagged `src/telegram-client.ts` password line, review the OpenClaw config changes made by setup, restrict the tool allowlist/profile where possible, protect `apiHash`, `sessionString`, and bot tokens, and confirm the scheduler and summary destination are exactly what you intend.
SkillSpector
By NVIDIA
SkillSpector has not run for this release. Legacy ClawScan findings remain available under Risk analysis.
Static analysis
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
#
ASI03: Identity and Privilege Abuse
Medium
What this means
Running setup may broaden or alter what tools the agent can use across OpenClaw, potentially affecting behavior beyond Telegram summaries.
Why it was flagged
Setup writes global OpenClaw tool permission settings, not just this plugin's own Telegram configuration.
Skill content
const REQUIRED_TOOLS_PROFILE = "full"; ... { path: "tools.profile", value: REQUIRED_TOOLS_PROFILE }, { path: "tools.allow", value: allowedTools },Recommendation
Review `~/.openclaw/openclaw.json` before and after setup; keep only the Telegram summary tools you actually need, and avoid a broader global tool profile if your OpenClaw setup supports a more restricted configuration.
#
ASI03: Identity and Privilege Abuse
Medium
What this means
Anyone who obtains the session string or API hash may be able to abuse your Telegram account access.
Why it was flagged
The plugin requires Telegram API credentials and a Telegram session string, which can grant account-level access for listing chats, reading messages, and sending summaries.
Skill content
"apiHash": { "type": "string" ... }, "sessionString": { "type": "string" ... }, ... "apiHash": { ... "sensitive": true }, "sessionString": { ... "sensitive": true }Recommendation
Treat `apiHash`, `sessionString`, and any bot token as secrets; store them only in trusted local config, do not commit them, and revoke/regenerate them if exposed.
#
ASI10: Rogue Agents
Medium
What this means
Configured Telegram chats may be read and summarized repeatedly in the background until the scheduler is disabled and the gateway is restarted.
Why it was flagged
The plugin registers a recurring cron task that continues to summarize configured chats while the gateway process is running.
Skill content
const task = cron.schedule(schedule, async () => { ... for (const chatEntry of cfg.chats ?? []) { ... await summarizeChat({ api, cfg }, chatEntry, signal); } });Recommendation
Only configure chats you intend to monitor, confirm the schedule, and use the stop command plus gateway restart when you want monitoring to end.
#
ASI07: Insecure Inter-Agent Communication
Medium
What this means
Private chat content may be exposed to the configured AI runtime, summary destination, and local logs in summarized form.
Why it was flagged
Telegram message content is processed by an embedded AI agent, then summaries can be sent to a Telegram destination and logged.
Skill content
调用 `api.runtime.agent.runEmbeddedPiAgent(...)` 生成摘要。发送到 `targetChatId`(缺省为当前 chat)。记录日志(抓取条数、摘要内容、发送结果)。
Recommendation
Use this only for chats whose participants and data policy allow AI summarization; verify `targetChatId`, bot-token settings, and log retention.
#
ASI01: Agent Goal Hijack
Low
What this means
A message in a monitored chat could manipulate or distort the summary output.
Why it was flagged
Untrusted Telegram chat messages are inserted into the summarization prompt; malicious chat text could try to influence the generated summary.
Skill content
聊天记录:\n{messages}\n\n请提供结构清晰的摘要,使用要点形式。Recommendation
Treat generated summaries as untrusted analysis of chat content, and consider adding prompt text that explicitly treats chat messages as data rather than instructions.