TG Channel Manager

Status: Pending. Static analysis audit pending.

Overview

No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the workspace or config file is exposed, someone may obtain a Telegram bot token that can operate the user's channel bot.

Why it was flagged

The skill instructs the agent to collect, persist, and later auto-use a Telegram bot token from local configuration sources. That is purpose-aligned for channel management, but it is high-impact account authority and the artifacts do not show an approval choice, secret-store guidance, or tight scoping before saving.

Skill content

`[fail] Bot token` → ask the user for the token, then save it: `tgcm.py config set bot-token <token>` ... `Settings saved via config set persist in tgcm/.config.json` ... `Bot token is auto-resolved: --bot-token arg → $BOT_TOKEN env → openclaw.json (auto-search) → tgcm/.config.json`.

Recommendation

Use a least-privileged bot, keep the workspace private, prefer an environment/secret store over local plaintext config, and require explicit user confirmation before saving or reusing the token.

What this means

Running this helper can modify the system/container and execute whatever code is currently in the upstream SearXNG repository and its dependencies.

Why it was flagged

The helper downloads the latest upstream code without pinning, installs dependencies into the system Python environment, and writes to protected system paths. This goes beyond the declared no-install-spec setup and creates provenance and environment-modification risk.

Skill content

`git clone https://github.com/searxng/searxng.git /opt/searxng; pip3 install --break-system-packages -r /opt/searxng/requirements.txt; mkdir -p /etc/searxng`

Recommendation

Pin a trusted release or commit, use an isolated virtual environment/container, declare the extra dependencies, and avoid protected-path writes unless the user explicitly approves them.

What this means

The agent may inspect local configuration and possibly contact Telegram/SearXNG during setup checks.

Why it was flagged

The skill asks the agent to execute local Python code automatically on skill load. The command is a disclosed preflight check and appears purpose-aligned, but users should be aware that code may run before any specific channel-management action is requested.

Skill content

When you load this skill, run the preflight check FIRST: `python3 {baseDir}/scripts/tgcm.py --workspace {workspace} check`

Recommendation

Review the script before installation and only allow the automatic preflight if you are comfortable with that local execution.

What this means

A pending post can be publicly published to the configured Telegram channel and then removed from the queue.

Why it was flagged

The publisher can send posts to Telegram and mutate the local queue. This is central to the skill's purpose and is limited to pending posts, one post per run, and max-posts-per-day checks, but it is still a high-impact public action.

Skill content

Publish via: `message tool (action=send, channel=telegram, target=<config.channelId>, text="post text")` ... `Remove` the published entry from content-queue.md

Recommendation

Review pending posts, channelId, maxPostsPerDay, and the publisher schedule before enabling publishing.

Note (High Confidence)
ASI10: Rogue Agents
What this means

Scheduled jobs may continue drafting or publishing according to configuration without another manual invocation.

Why it was flagged

The skill documents recurring cron jobs that keep running publisher/scout prompts. This persistence is disclosed and purpose-aligned, but it means the skill can continue acting after setup until the cron jobs are removed.

Skill content

`openclaw cron add --name "content-pub-<N>" --schedule "<config.cronPublisherTimes[N]>" --prompt-file "{baseDir}/references/publisher-prompt.md"`

Recommendation

Enable only the cron jobs you need, periodically run `openclaw cron list`, and remove publisher jobs when you no longer want automatic posting.