miso
by Shunsuke Hayashi · v0.1.3
846 Downloads · 0 Stars · 1 Active Installs · 9 Versions
Install in OpenClaw: /install miso
Description
Displays multi-agent progress in real time on Telegram and visualizes the entire course of a mission through status updates, reactions, and pin integration.
Usage Guidance
This skill appears to implement a legitimate Telegram mission-control UI, but there are mismatches between what it declares and what the code does. Before installing or running it:
- Inspect /Users/shunsukehayashi/.openclaw/openclaw.json (or the equivalent OpenClaw config on your system). The helper script expects to read a Telegram bot token there; ensure you understand and control that file and token.
- Consider modifying miso_telegram.py to require an explicit environment variable (e.g., MISO_TELEGRAM_BOT_TOKEN) or to prompt for the token rather than reading a hardcoded path.
- Verify whether the GIF assets the scripts expect actually exist (assets/progress/* and agent GIFs). The package snapshot here doesn't list an assets/ folder.
- Be cautious about automatic state writes: the skill will create/update ~/.openclaw/workspace/skills/mission-control/.miso-state.json per its docs; if you don't want persistent files, run it in an isolated environment or sandbox.
- If you don't trust the author or don't want the skill automatically sending messages, do not provide bot credentials or run the scripts that contact Telegram.
If you want to proceed but reduce risk: run the code in a disposable environment, supply a test bot token with limited permissions, or change the code to log actions instead of performing network calls until you confirm behavior. If you want higher confidence, ask the author to (1) remove hardcoded user paths, (2) explicitly declare required config paths/credentials in the registry metadata, and (3) require credentials via explicit env vars or an interactive config step.
Capability Analysis
Type: OpenClaw Skill
Name: miso
Version: 0.1.3
The skill is classified as suspicious due to a critical vulnerability in `scripts/miso_telegram.py`. This script loads the Telegram bot token by reading a hardcoded path (`/Users/shunsukehayashi/.openclaw/openclaw.json`) directly. The script uses the token for its intended purpose of interacting with the Telegram API (sending/editing messages, pinning/unpinning). Even so, direct, hardcoded access to a sensitive configuration file containing credentials is a significant security flaw: it could be exploited if the skill is run in an untrusted environment or if the file permissions are misconfigured, potentially leading to token exposure.
Capability Assessment
Purpose & Capability
The skill claims to be a Telegram-native mission-control template, which fits the included helper scripts. However, the code expects a user-specific OpenClaw config at /Users/shunsukehayashi/.openclaw/openclaw.json to read a Telegram bot token and uses a workspace path (~/.openclaw/...) for persistent state. The registry metadata declared no required config paths or credentials, so the code's real requirements are not reflected in the declared metadata.
Instruction Scope
SKILL.md templates and runtime instructions focus on message format, reactions, and commands and do not instruct reading local files. In contrast, scripts and design docs show runtime behaviours that read/write local state (.miso-state.json under ~/.openclaw/...), call Telegram APIs, and expect asset GIFs. This is scope creep: the runtime artifacts access local configuration and filesystem state that the SKILL.md does not mention or justify.
Install Mechanism
There is no install spec (instruction-only), which is low-risk in general. The repository includes Python scripts that use third-party libs (Pillow in generate_progress_gif.py) and expect an assets/ directory (GIFs) that are not present in the manifest snapshot. No remote downloads are present. The absence of an install step means dependencies and assets may be missing at runtime and would need manual installation.
Credentials
The skill declared no required environment variables or primary credential, yet miso_telegram.py reads a Telegram bot token from a hardcoded CONFIG_PATH (/Users/shunsukehayashi/.openclaw/openclaw.json). It also documents writing state under ~/.openclaw/workspace/skills/… and references a channel chatId (-1003700344593). Requesting credentials via a local config file (and not declaring that requirement) is disproportionate to the metadata and could cause unexpected access to sensitive tokens/configs.
Persistence & Privilege
The design and docs explicitly describe persistent state (creating/updating ~/.openclaw/workspace/skills/mission-control/.miso-state.json) and pin/unpin operations in Telegram. Writing state to the user's OpenClaw workspace is reasonable for a mission-control skill, but this behavior was not declared in the skill metadata (required config paths: none). Additionally, the script contains a hardcoded absolute path with the author's username which is non-portable and may inadvertently expose assumptions about local file layout.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install miso
- After installation, invoke the skill by name or use /miso
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.3
avoid telegram menu command collisions by prefixing menu commands
v0.1.2
add quick-reference telegram slash command card
v0.1.1
add telegram bot custom slash-command registration support
v0.1.0
mission-control text templates and slash command alignment
v1.4.0
Agent character system: 4 AI-generated characters (researcher/writer/reviewer/security) with per-agent animated GIFs for init/running/complete phases
v1.3.0
Animated GIF phase indicators: 6 phase GIFs + sendAnimation/editMessageMedia support in miso_telegram.py
v1.2.0
Full English localization of all documentation
v1.1.0
Add demo video (YouTube), LICENSE (MIT), .gitignore, inline video embed in README
v1.0.0
🍜 Initial release: Telegram-native Agentic UI framework. 4+1 Layer UX Model, 6 Phase lifecycle, WBS master tickets, channel integration, Human-in-the-Loop approval gates.
Frequently Asked Questions
What is miso?
miso displays multi-agent progress in real time on Telegram and visualizes the entire course of a mission through status updates, reactions, and pin integration. It is an AI Agent Skill for Claude Code / OpenClaw, with 846 downloads so far.
How do I install miso?
Run "/install miso" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is miso free?
Yes, miso is completely free (open-source). You can download, install and use it at no cost.
Which platforms does miso support?
miso is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created miso?
It is built and maintained by Shunsuke Hayashi (@shunsukehayashi); the current version is v0.1.3.