Telegram Marketing Audit Adarsh
PassAudited by ClawScan on May 1, 2026.
Overview
This is a simple Telegram command wrapper for a marketing audit, but it depends on a separate orchestrator skill and collector API keys that users should review separately.
This skill appears benign as a Telegram wrapper. Before installing, make sure the referenced marketing-orchestrator skill is trusted, confirm which collector API keys are required, and avoid using the command in Telegram chats where audit reports or error details should not be visible.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The main audit behavior and data handling will be determined by another installed skill, not this wrapper alone.
The handler relies on a separate marketing-orchestrator skill for the core audit behavior, but that dependency is not included in the provided artifacts. This is purpose-aligned, but users should review the referenced skill separately.
const result = await context.callSkill("marketing-orchestrator", { instagramHandle, websiteDomain, });Review and trust the marketing-orchestrator skill and its dependencies before enabling this Telegram handler.
Collector credentials may be needed by the broader audit workflow.
The skill mentions API keys for collector services, while the registry metadata declares no required environment variables. API keys are expected for this kind of audit workflow, but users should know which credentials are being used.
- Ensure environment variables for collectors (API keys) are set.
Use narrowly scoped API keys, document which environment variables are required, and avoid sharing credentials with unrelated skills.
Reports or backend error details could be posted into the Telegram chat where the command was used.
The skill relays generated reports and raw error messages back to Telegram. This is expected for a Telegram command handler, but error text from the orchestrator or collectors could expose internal details if not sanitized.
await context.reply(result.reportMarkdown); ... await context.reply("Error during marketing audit: " + err.message);Use this command only in appropriate chats, and sanitize or generalize error messages before sending them to users.