Telegram Media Resolver
Verdict: Review. Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly purpose-aligned, but it needs Review because it can mutate Telegram chats and writes downloaded files using unsanitized Telegram-provided filenames.
Review before installing. The skill can be useful for resolving Telegram media placeholders, but use it only with a limited-permission bot token, prefer a private forward destination, and avoid running it on untrusted files until filename sanitization is added.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The bot may briefly post or forward content in a group, and if deletion fails, the duplicate forwarded message could remain visible.
The tool defaults to forwarding the target message into the same chat, then tries to delete the forwarded copy but suppresses cleanup errors. This can create visible Telegram chat side effects, and a failed deletion may leave the forwarded media/message behind.
forward_to = args.forward_to or chat_id
...
api_call(token, "forwardMessage", { ... })
...
except Exception:
    pass  # best effort
Recommendation: Require explicit user approval before forwarding, default to a clearly controlled private destination, and report or fail on cleanup errors instead of silently ignoring them.
A specially named Telegram file could potentially write outside the intended output directory or overwrite an existing local file, depending on Telegram filename handling and filesystem permissions.
For documents, videos, animations, and audio, a Telegram-provided filename is joined directly into the local output path without basename filtering, path traversal checks, or overwrite protection.
file_name = doc.get("file_name", f"tg_{chat_id}_{msg_id}.bin")
...
out_path = os.path.join(out_dir, file_name)
...
download_file(token, tg_file_path, out_path)
Recommendation: Sanitize filenames with a basename-only allowlist, reject path separators and absolute paths, verify the resolved path stays inside the output directory, and avoid overwriting existing files.
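The following is an added example written for this review, not the skill's own code, showing one way to apply the recommendation above. The function names (sanitize_file_name, safe_output_path, open_for_download), the fallback name format and the sample Telegram-style filenames in demo() are assumptions constructed for the illustration; it treats the Telegram-provided name as hostile input, allowlists the characters it keeps, proves the resolved path stays inside the output directory, and creates the file exclusively so an existing file is never clobbered.

```python
import os
import re
import tempfile

# Added example (not the skill's code): harden the local output path built
# from a Telegram-provided file_name. Names and sample inputs are assumptions.

_DISALLOWED = re.compile(r"[^A-Za-z0-9._-]")  # allowlist: letters, digits, . _ -


class UnsafeFilename(ValueError):
    """Raised when a remote-supplied filename cannot be used safely."""


def sanitize_file_name(name, fallback):
    """Return a basename-only, allowlisted filename, or the fallback.

    Any path separator, NUL, absolute path or traversal component is
    rejected outright rather than quietly reduced to its last component,
    so a hostile name is visible in logs instead of silently accepted.
    """
    if not isinstance(name, str) or not name:
        return fallback
    if "/" in name or "\\" in name or "\x00" in name:
        raise UnsafeFilename(f"path separator or NUL in filename: {name!r}")
    if os.path.isabs(name) or name in (".", ".."):
        raise UnsafeFilename(f"absolute or traversal filename: {name!r}")
    # Replace anything outside the allowlist and drop leading dots so the
    # result is never a hidden file or a dot-only name.
    cleaned = _DISALLOWED.sub("_", name).lstrip(".")
    if not cleaned:
        return fallback
    return cleaned[:255]


def safe_output_path(out_dir, file_name, fallback):
    """Join a sanitized name under out_dir, verify containment, avoid overwrites."""
    root = os.path.realpath(out_dir)
    candidate = os.path.realpath(
        os.path.join(root, sanitize_file_name(file_name, fallback))
    )
    # Defense in depth: even after sanitizing, prove the resolved path is inside root.
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafeFilename(f"resolved path escapes output dir: {candidate}")
    # Overwrite protection: choose a free name instead of clobbering an existing file.
    base, ext = os.path.splitext(candidate)
    n = 1
    while os.path.exists(candidate):
        candidate = f"{base}.{n}{ext}"
        n += 1
    return candidate


def open_for_download(path):
    """Create the file exclusively (O_EXCL) so a race cannot become an overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    return os.fdopen(fd, "wb")


def demo():
    """Exercise the helpers in a temporary directory with constructed inputs."""
    results = {}
    fallback = "tg_123_456.bin"  # constructed stand-in for f"tg_{chat_id}_{msg_id}.bin"
    # Constructed sample of Telegram-style file names, benign and hostile.
    samples = [
        "report.pdf",
        "my report (1).pdf",
        "",
        "...",
        "../../etc/passwd",
        "..\\..\\x.bin",
        "/etc/passwd",
        "..",
    ]
    with tempfile.TemporaryDirectory() as out_dir:
        for name in samples:
            try:
                results[name] = os.path.basename(safe_output_path(out_dir, name, fallback))
            except UnsafeFilename:
                results[name] = "REJECTED"
        # Overwrite protection: the same name downloaded twice yields a second file.
        first = safe_output_path(out_dir, "report.pdf", fallback)
        with open_for_download(first) as f:
            f.write(b"constructed sample bytes")
        results["second_copy"] = os.path.basename(
            safe_output_path(out_dir, "report.pdf", fallback)
        )
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key!r:24} -> {value}")
```

Rejecting separators outright, rather than calling os.path.basename on the remote name, is a deliberate choice: a name such as "../../etc/passwd" is evidence of a hostile sender, and surfacing it as an error gives the operator something to act on, whereas silently downloading it as "passwd" hides the signal.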
Installing or using the skill gives the agent a workflow for using the Telegram bot token, which can access chats the bot belongs to and perform bot-authorized actions such as forwarding and deleting bot messages.
The skill uses the local Telegram bot token from OpenClaw configuration. This is expected for Telegram Bot API downloads, but it is sensitive account authority and is not declared in the registry metadata as a credential or required config path.
Read bot token: `cat ~/.openclaw/openclaw.json | python3 -c "import sys,json; print(json.load(sys.stdin)['channels']['telegram']['botToken'])"`
Recommendation: Only use this with a bot token you are comfortable delegating, limit the bot's chat permissions, and update the skill metadata to declare the credential/config dependency.
