Telegram File Sender
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a straightforward Telegram file-sending skill, but it can transmit a chosen local file to the current Telegram chat, so users should verify the file path before use.
Install this only if you trust the configured OpenClaw Telegram bot/gateway and the local `openclaw` CLI. Before using it, check that the path points to the exact file you intend to send, especially for absolute paths or sensitive documents.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong path is supplied, a local file could be sent to Telegram unintentionally.
The script invokes a local CLI to send the file path supplied by the user/agent to a Telegram target. This is exactly the skill's purpose, but it is still a sensitive action because it uploads local file content.
openclaw message send --channel telegram --target "$target" --media "$path" --message "$caption"
Confirm the file path and caption before sending, and avoid sending secrets unless that is explicitly intended.
Files are delivered to the Telegram chat identified by the current session context.
The destination is derived from OpenClaw session metadata and the file is sent through the OpenClaw Telegram gateway. This is disclosed and purpose-aligned, but users should understand that the file is leaving the local session through that integration.
Reads `chat_id` from the `Inbound Context` block in the session ... Runs `openclaw message send --channel telegram --target <chat_id> --media <file>`
Use this only with a trusted OpenClaw Telegram gateway and verify the current chat context before sending sensitive files.
The skill will fail or depend on whichever `openclaw` binary is available in the runtime environment.
The skill depends on an external `openclaw` executable, while the registry requirements do not declare required binaries or an install spec. This is not suspicious for this purpose, but it is a dependency users should recognize.
- `openclaw` available in `PATH` (works on Linux/RPi and macOS)
Ensure the installed `openclaw` CLI/gateway is trusted and correctly configured before using the skill.