Is crazypeace/telegram-pairing-send-code-to-every-start safe?

https://github.com/openclaw/skills/tree/main/skills/crazypeace/telegram-pairing-send-code-to-every-start

92
SAFE

This skill provides documentation for modifying OpenClaw's Telegram pairing behavior to send pairing codes on every /start message instead of only on first request. The skill contains no executable code or prompt injection attempts and appears to be a legitimate technical modification guide.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

MEDIUM Instructions for modifying authentication code -10

Skill provides step-by-step instructions for modifying OpenClaw's Telegram pairing authentication code, specifically changing the condition from 'if (created)' to 'if (code)' to alter when pairing messages are sent to users.

LOW Service restart instruction -5

Skill instructs users to restart the OpenClaw gateway service after making code modifications, which could affect system availability.

INFO Documentation-only skill with manual implementation 0

This is a documentation skill that requires manual implementation by the user. It does not automatically execute code modifications, reducing immediate security risk.