proactive-chat
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to read trigger files and context to generate and send messages via Telegram. All operations are well-defined and constrained to the skill's workspace.
- [COMMAND_EXECUTION]: The skill performs routine file system operations such as reading triggers from ~/.openclaw/workspaces/companion/triggers/ and moving processed files to a sent/ subdirectory. These actions are necessary for the skill's documented workflow.
- [DATA_EXFILTRATION]: Message delivery is handled via the Telegram API using the TG_BOT_TOKEN_COMPANION and TG_ADMIN_CHAT_ID environment variables. This is the intended behavior for the skill's purpose and does not constitute unauthorized data exposure.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external data from trigger files and web searches. 1. Ingestion points: trigger files and web-search results. 2. Boundary markers: None specified. 3. Capability inventory: File system management and network communication via Telegram API. 4. Sanitization: No explicit validation or sanitization is described.
Audit Metadata