proactive-companion Security Report — Low Risk | ClawSafe

15 /100

proactive-companion

An autonomous, self-improving buddy system for OpenClaw that schedules interest-based Telegram pings

A legitimate proactive companion skill that schedules Telegram pings via OpenClaw cron, with no malicious patterns found. Minor concern about invasive SOUL.md patching during install.

Skill Nameproactive-companion

Duration43.3s

Enginepi

✓

Safe to install

Review the automatic SOUL.md modification during install. Ensure you are comfortable with the skill patching system files. Otherwise safe to use.

Findings 3 items

Severity	Finding	Location
Medium	Automatic SOUL.md Modification The install.sh script automatically appends routing rules to /data/.openclaw/SOUL.md without explicit user consent beyond the install process. `cat >> "$SOUL_FILE" << 'SOULEOF' ...` → Document this clearly during installation or provide a manual option.	`install.sh:148`
Low	tools.profile = coding Modification Install script attempts to change OpenClaw tools profile to 'coding' which enables broader execution capabilities. `$OPENCLAW_BIN config set tools.profile coding` → This is necessary for the skill to function but increases attack surface.	`install.sh:105`
Low	Broad subprocess Usage The code uses subprocess to call openclaw CLI for session management, history retrieval, and trigger injection. `subprocess.Popen(["openclaw", "agent", ...])` → While documented, subprocess usage is extensive. Ensure openclaw CLI is trusted.	`proaktiv_check.py:175`

Resource	Declared	Inferred	Status	Evidence
Shell	`NONE`	`WRITE`	✓ Aligned	proaktiv_check.py:175-183 uses subprocess.Popen for openclaw agent command
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md declares filesystem:/data/.openclaw/skills/proaktiv/ - code operates wi…
Network	`NONE`	`NONE`	—	No direct network calls; all Telegram communication via openclaw CLI
Environment	`READ`	`READ`	✓ Aligned	Reads OPENCLAW_TELEGRAM_NR from .env file
Database	`NONE`	`NONE`	—	Uses JSON files for state storage within skill directory

2 findings

🔗

Medium External URL 外部 URL

https://clawhub.ai

.clawhub/origin.json:3

🔗

Medium External URL 外部 URL

https://t.me/userinfobot

SKILL.md:160

File Tree

16 files · 82.2 KB · 2085 lines

Python 4f · 1229L Markdown 4f · 559L Shell 1f · 214L JSON 6f · 75L Ignore 1f · 8L

├─ ▾ 📁 .clawhub

│ └─ 📋 origin.json JSON 7L · 141 B

├─ ▾ 📁 templates

│ ├─ 📋 interest_graph.json JSON 14L · 308 B

│ └─ 📋 social_knowledge.json JSON 3L · 19 B

├─ 📋 _meta.json JSON 6L · 148 B

├─ 📄 .gitignore Ignore 8L · 98 B

├─ 🐍 feedback_update.py Python 256L · 10.5 KB

├─ 🔧 install.sh Shell 214L · 8.3 KB

├─ 🐍 interest_evolve.py Python 114L · 3.9 KB

├─ 🐍 proaktiv_check.py Python 806L · 31.3 KB

├─ 🐍 proaktiv_onboarding.py Python 53L · 2.1 KB

├─ 📝 README.md Markdown 154L · 5.7 KB

├─ 📋 skill.json JSON 42L · 1.1 KB

├─ 📝 SKILL.md Markdown 284L · 12.2 KB

├─ 📋 social_knowledge.json JSON 3L · 19 B

├─ 📝 SOCIAL.md Markdown 34L · 1.4 KB

└─ 📝 TOPIC_TEMPLATES.md Markdown 87L · 5.1 KB

Security Positives

✓ No credential harvesting or exfiltration detected

✓ No base64, eval, or obfuscated code found

✓ No access to ~/.ssh, ~/.aws, or other sensitive paths

✓ No direct IP network requests or C2 communication

✓ No curl|bash or wget|sh remote script execution

✓ All data operations confined to skill directory /data/.openclaw/skills/proaktiv/

✓ Comprehensive changelog showing active development and bug fixes

✓ Clean, commented code with no hidden functionality

✓ MIT license properly declared

✓ Social knowledge tracking is transparent about data collection

Scan Report

Findings 3 items

File Tree

Security Positives