Telegram Group Chat Setup
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can access a Telegram bot token from local configuration. That is expected for this setup, but the token is sensitive because it represents bot account authority.
The helper reads a local gateway config, extracts the Telegram bot token, and sends it to Telegram's official Bot API to identify the bot.
CONFIG_PATH="${CLAWDBOT_CONFIG_PATH:-$HOME/.clawdbot/moltbot.json}" ... token = tg.get('botToken', '') ... curl -s "https://api.telegram.org/bot${BOT_TOKEN}/getMe"Run this only in a trusted environment, verify the config path, and avoid sharing logs or command output that could expose the bot token.
A wrong group ID, allowed-user list, or mention pattern could make the bot respond in the wrong group or to the wrong people.
The skill instructs the agent to modify gateway routing and response-gating configuration for Telegram groups.
Use the `gateway` tool with `action: "config.patch"` ... `groupAllowFrom`: ["<user1>", "<user2>"] ... `mentionPatterns`: ["@bot_username", "bot_name", "@bot_name"]
Review the exact gateway patch before applying it, confirm the group ID and allowed users, and keep a backup of the current gateway config.
People in the Telegram group may have their messages visible to the bot for context, not just messages that directly mention it.
The setup intentionally routes Telegram group messages into the bot context after privacy mode is disabled, even though responses are gated by mentions.
With privacy mode OFF + `requireMention: true` in MoltBot config, the bot sees all messages (for context) but only responds when mentioned.
Only disable Telegram privacy mode for groups where members understand the bot can read group messages, and keep `requireMention` and sender allowlists enabled.