Name: Telegram
Rating: 5 (15 reviews)
Author: codedao12

Safety Report

OpenClaw skill for designing Telegram Bot API workflows and command-driven conversations using direct HTTPS requests (no SDKs).

9,805Downloads

114Installs

15Stars

2Versions

API Integration4,971 Workflow Automation3,323 Networking & DNS1,102 Notifications & Alerts1,061

Security Analysis

high confidence

Clean

The skill is an instruction-only guide for implementing Telegram Bot API workflows and its requirements and guidance align with that purpose.

Feb 11, 20265 files

Purpose & Capabilityok

Name/description match the content: the files are documentation and HTTP request templates for the Telegram Bot API. Nothing in the bundle requests unrelated cloud credentials, binaries, or access.

Instruction Scopeok

SKILL.md and reference files contain only design patterns, HTTP templates, routing rules, and operational/security advice (e.g., don't log tokens). They do not instruct the agent to read arbitrary files, external servers, or environment variables outside the bot token/base URL that are reasonable inputs for this task.

Install Mechanismok

No install spec and no code files — instruction-only content means nothing is downloaded or executed by the platform as part of installation.

Credentialsok

The guidance expects a bot token and base API URL as inputs (reasonable for Telegram integration). The registry metadata does not request any unrelated environment variables or credentials.

Persistence & Privilegeok

Skill is not always-enabled and does not request persistent system-wide privileges or alter other skills; autonomous invocation is allowed by default but is normal and not excessive here.

Guidance

This skill is documentation-only and appears coherent with its stated purpose. Before using it: (1) treat your bot token as a secret — do not paste it into chat or logs and store it in a secure secret store or environment variable in your runtime; (2) implement webhooks over HTTPS and use the secret_token header as recommended; (3) enforce idempotency and rate-limits when you write the code that follows these instructions; (4) remember the skill contains no executable code — you or your deployment pipeline will implement HTTPS calls, storage of update_id caches, and any persistent components, so review any code you add for proper security (input validation, safe storage, least-privilege); (5) test in a development bot before production. Overall the bundle is internally consistent, but it does not perform any installation or provide an SDK — exercise normal caution when implementing the runtime components.

Latest Release

v1.0.1

- Major update: Skill now targets advanced, command-first Telegram Bot API workflows using direct HTTPS requests (no SDKs). - Expanded documentation: Added four detailed reference guides covering API endpoints, command design, update handling, and HTTP request templates. - Revised scope: Focuses on reliable update flows, strict command routing, and production-grade operational/security practices. - Streamlined SKILL.md: Moved technical details into references for clarity; core file is now concise and directs users to new resources.

More by @codedao12

Agent Browser Core

14 stars

Auto Shorts Repurposer

5 stars

Facebook

4 stars

Messenger

4 stars

Google Sheets API

4 stars

Twilio

3 stars

Published by @codedao12 on ClawHub