Tg Notify
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a straightforward Telegram notification skill, but it uses your OpenClaw Telegram bot token and may store contact IDs, so recipients should be verified before use.
Install this only if you want OpenClaw to use your configured Telegram bot to send notifications. Before use, verify the Telegram bot token, recipient chat IDs, and message content, and be cautious about saving personal contact IDs in USER.md.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can send messages as the configured OpenClaw Telegram bot.
The skill reads a local Telegram bot token from the OpenClaw configuration, giving it the ability to act through that bot.
BOT_TOKEN=$(node -e "const c=require(process.env.HOME+'/.openclaw/openclaw.json');console.log(c.channels.telegram.botToken)")
Use it only if you intend this agent to access that bot token, and verify the bot token is limited to the Telegram bot you expect.
If invoked with the wrong recipient or content, the bot could send unintended Telegram messages.
The skill uses raw curl calls to Telegram's sendMessage API with caller-supplied recipient and message values.
curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" ... "chat_id": "<TELEGRAM_USER_ID>", "text": "<MESSAGE>"Confirm the recipient chat ID and message text before sending, especially for multi-recipient notifications.
Telegram IDs and name mappings may persist across future agent tasks and could become stale or incorrect.
The skill suggests storing Telegram user IDs in a persistent user file for later reuse.
Add others to `USER.md` as they interact with the bot.
Only store verified contact IDs with user consent, and periodically review USER.md for outdated or unwanted entries.