OpenClaw Hook Development

Create, debug, and maintain OpenClaw Gateway internal hooks for agent events like bootstrap, including virtual file injection and Telegram notification fixes.

This skill appears to do what it says: inject virtual files and send Telegram notifications by reading your OpenClaw config and workspace. Before installing or enabling it: (1) Inspect ~/.openclaw/openclaw.json to see what tokens would be accessible — the example extracts botToken via regex from that file. (2) Replace placeholder chat IDs in the example or set TELEGRAM_CHAT_ID appropriately. (3) Be aware the hook will read workspace files (e.g., memory/*.md) and can send their info in messages. (4) The provided example code has bugs/typos (missing require('os') in one example, and several stray assignments like "ult = handler" and repeated "ts.default = handler") that may throw runtime exceptions or crash the hook when loaded; fix these errors before using in production. (5) If you want to test, run the included scripts in a safe environment (offline or with a throwaway bot token) and review logs (tail ~/.openclaw/logs/gateway.err.log). If you are not comfortable with code that reads local config files containing tokens, do not enable this hook.

Type: OpenClaw Skill Name: openclaw-hook Version: 1.0.2 The skill bundle provides instructions and code templates for creating internal hooks that read the user's primary configuration file (~/.openclaw/openclaw.json) to extract sensitive credentials, such as Telegram bot tokens. While these actions are aligned with the stated purpose of developing notification hooks, the practice of programmatically parsing global secrets and transmitting data to an external endpoint (api.telegram.org) represents a high-risk capability. Key files involved include SKILL.md, references/complete-example.js, and scripts/test-telegram.js.