Telegram Ops
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches Telegram forum management, but it also changes OpenClaw agent configuration so new Telegram topics can get persistent system prompts and all available skills by default.
Use this only if you intend to let it manage Telegram forum topics and OpenClaw Telegram topic configuration. Before installing or invoking it, protect the bot token, require confirmation for config.patch and archive/delete actions, review the exact systemPrompt, and prefer an explicit per-topic skills allowlist instead of allowing all skills by default.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A newly configured Telegram topic could run with broader agent capabilities than the user expected.
This tells the agent to patch persistent OpenClaw configuration and leave every skill available for the new topic instead of using an explicit allowlist.
gateway action=config.patch raw='{"channels":{"telegram":{"groups":{"<GROUP_ID>":{"topics":{"<TOPIC_ID>":{"systemPrompt":"Topic-specific instructions"}}}}}}}' ... **Do NOT add a `skills` key** -- omitting it means all skills are available.Require explicit user approval before config.patch, define a per-topic skills allowlist, and show the exact config diff before applying it.
If the stored prompt is generated from unreviewed or user-supplied text, future sessions may follow unintended instructions.
Topic-specific system prompts are stored as persistent OpenClaw configuration and can shape future agent behavior in that Telegram topic.
Write a system prompt -- give the agent context for what this topic is about ... Patch the config to register the topic with a system prompt
Review and approve the exact systemPrompt before saving it, avoid copying untrusted Telegram content into system prompts, and keep prompts narrowly scoped.
Anyone using the skill with that token can make visible changes to Telegram forum topics.
The skill uses a Telegram bot token from OpenClaw config and requires admin-level topic-management rights.
Bot must be admin in the group with `can_manage_topics` permission ... gateway action=config.get | jq -r '.result.parsed.channels.telegram.botToken'
Use a least-privileged bot, protect the token, rotate it if exposed, and avoid passing tokens through shell history or shared logs.
Using the wrong group or topic ID could close the wrong Telegram discussion or remove the wrong agent session history.
The archive workflow intentionally changes a shared Telegram topic and then affects associated OpenClaw session state.
Archive workflow: rename with `[ARCHIVED]` prefix, set folder icon, close topic, then handle the OpenClaw session.
Confirm group/topic IDs, export session history before deletion, and keep archive/delete actions user-confirmed.