Telegram Bot Builder

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is an instruction-only Telegram bot helper; its sensitive areas like group management, webhooks, and payments are disclosed and aligned with its purpose.

This skill appears safe to install as an instruction-only helper. Before deploying any bot it helps create, review generated code, protect Telegram bot tokens, limit group/admin permissions, validate webhook traffic, and be especially careful with payment or moderation features.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used to build a real bot, the user may be granting the bot power to interact with chats, groups, or payments.

Why it was flagged

Bot setup, group management, and payment features commonly require delegated Telegram bot authority, group permissions, or payment configuration, even though this artifact does not directly request credentials.

Skill content

- 🤖 Bot Setup (BotFather)
- 👥 Group Management
- 💰 Payment (Stars)

Recommendation

Use least-privilege bot permissions, keep bot tokens private, and review any generated bot code before deploying it to groups or payment flows.

What this means

External Telegram messages could influence bot behavior if the generated implementation trusts webhook input too broadly.

Why it was flagged

Webhook and auto-reply functionality implies external inbound messages may trigger automated bot responses; this is expected for a Telegram bot builder but should be implemented with clear origin checks and limits.

Skill content

- 🔗 Webhook Integration
- 📩 Auto-reply / Filters

Recommendation

Validate webhook sources, avoid treating user messages as trusted instructions, and require explicit review for actions such as moderation, purchases, or account changes.