Telegram Bot
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Telegram Bot API integration, but it requires a Maton API key and can read or change Telegram bot chats, so users should only use it with trusted bots and explicit approval for writes.
Install only if you intend to let the agent operate a Telegram bot through Maton. Keep MATON_API_KEY private, use the Maton-Connection header when multiple bots exist, and approve write actions only after checking the exact chat, message, command, webhook, or connection that will be affected.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent could send messages, change bot settings, manage webhooks, or delete connections for the connected Telegram bot.
The skill exposes high-impact Telegram bot write and management actions, but it clearly discloses them and instructs confirmation before writes.
Send messages, manage chats, handle updates... **All write operations require explicit user approval.** Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.
Approve only specific, intended write actions; verify chat IDs, connection IDs, webhook URLs, and the expected result before allowing changes.
Anyone with access to the configured key could potentially act through the connected Telegram bot via Maton.
The skill requires a sensitive Maton API key and uses managed Telegram bot token access, which is expected for this integration but grants delegated account authority.
All requests require the Maton API key in the Authorization header... Authorization: Bearer $MATON_API_KEY... The `:token` placeholder is automatically replaced with your bot token from the connection configuration.
Keep MATON_API_KEY secret, use only trusted environments, limit access to connected bots, and rotate the key if it may have been exposed.
Bot messages, updates, media metadata, and command activity may be processed through Maton and any configured Telegram webhook destination.
Telegram bot data and actions are routed through the Maton API gateway. This is disclosed and purpose-aligned, but it means chat/update/media data crosses that external service boundary.
Base URL: https://api.maton.ai/telegram/:token/{method}... Access is scoped to messages, chats, media, and bot commands within the connected Telegram Bot API account.Use this only if you trust Maton and any webhook endpoints you configure; avoid routing highly sensitive chats unless that data flow is acceptable.
Users have less provenance information to independently verify the skill publisher or implementation beyond the registry metadata and referenced Maton endpoints.
The artifact does not provide an external source repository or homepage, although there is also no installable code or hidden helper present in the supplied artifacts.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Confirm that the Maton service and registry publisher are the intended provider before adding sensitive Telegram bot credentials.