proactive-chat

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to read trigger files and context to generate and send messages via Telegram. All operations are well-defined and constrained to the skill's workspace.
  • [COMMAND_EXECUTION]: The skill performs routine file system operations such as reading triggers from ~/.openclaw/workspaces/companion/triggers/ and moving processed files to a sent/ subdirectory. These actions are necessary for the skill's documented workflow.
  • [DATA_EXFILTRATION]: Message delivery is handled via the Telegram API using the TG_BOT_TOKEN_COMPANION and TG_ADMIN_CHAT_ID environment variables. This is the intended behavior for the skill's purpose and does not constitute unauthorized data exposure.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external data from trigger files and web searches. 1. Ingestion points: trigger files and web-search results. 2. Boundary markers: None specified. 3. Capability inventory: File system management and network communication via Telegram API. 4. Sanitization: No explicit validation or sanitization is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:07 AM
Security Audit — agent-trust-hub — proactive-chat