Telegram MTPROTO CLI

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent and read-only, but it handles sensitive Telegram account sessions/messages and relies on an external npm CLI that was not reviewed here.

Install only if you are comfortable giving the external CLI read access to your Telegram account. Scope requests narrowly, avoid exposing session files or API credentials, verify the npm package before installing, and log out/remove sessions when finished.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using this skill is granting the CLI access to read Telegram chats and media available to the authenticated account.

Why it was flagged

The skill requires Telegram account credentials and creates authenticated sessions, which is expected for MTProto access but gives the CLI account-level read access.

Skill content

Telegram `api_id` + `api_hash` ... System keychain ... Phone number + OTP code ... creates session

Recommendation

Use only the intended Telegram account, do not share session files or credentials, and run logout/removal steps when the session is no longer needed.

What this means

A broad request could pull extensive private Telegram content into the agent's working context or local files.

Why it was flagged

The documented commands can retrieve large amounts of chat history and download media. This is purpose-aligned and read-only, but the scope can be broad.

Skill content

tg messages <chat> [-n 100] [--all] ... tg download <chat> <messageId> [--out <dir>]

Recommendation

Give explicit chat names, date ranges, limits, and output directories; avoid using full-history extraction unless necessary.

What this means

The actual executable behavior depends on the npm package version installed on the user's machine.

Why it was flagged

The skill depends on an external globally installed npm package rather than code included in the reviewed artifact set.

Skill content

`tg` | `npm install -g tg-mtproto-cli` | Core CLI

Recommendation

Install from the listed official package/source only, verify the package and version, and review the upstream project if you require stronger assurance.