Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Telegram Import
v1.0.0Incrementally import Telegram messages from SQLite to LanceDB with Qwen3-Embedding-4B vectors, supporting checkpoint resume and filtering empty messages.
⭐ 0· 50·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (Telegram -> LanceDB with Qwen3 embeddings) matches the code and SKILL.md. The script reads a local SQLite DB, generates embeddings from a local LM Studio endpoint, and writes to a local LanceDB dataset. No unrelated credentials, remote APIs, or unrelated binaries are requested.
Instruction Scope
Instructions and the script operate on local files and the local LM Studio endpoint (127.0.0.1). They reference explicit Windows paths (D:\...) and the checkpoint file. The script reads the SQLite DB and writes to LanceDB and a checkpoint; it does not contact external domains beyond localhost. Note: the SKILL.md and script assume specific absolute paths which may not exist on a user's machine and will cause failures if paths are different.
Install Mechanism
No install spec is provided (instruction-only plus an included script). The script imports third-party Python packages (requests, numpy, pyarrow, lance). The absence of an install spec is not incoherent, but users must manually ensure these dependencies are installed; missing guidance could lead to runtime errors.
Credentials
No environment variables, credentials, or external tokens are required. The only network call is to http://127.0.0.1:1234 (local LM Studio), which is proportional to producing embeddings.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and only writes its own checkpoint and the LanceDB dataset at the configured paths. It does perform persistent writes to the filesystem (checkpoint and dataset) as expected for an importer.
Assessment
This skill is coherent with its stated purpose, but review these before running: 1) Paths: the script hardcodes Windows paths (e.g., D:\chat\telegram_messages.db and D:\edata.lance). Update them if your files live elsewhere or run in an environment that matches these paths. 2) Dependencies: install the required Python packages (requests, numpy, pyarrow, lance) in a controlled virtual environment. 3) Local embedding service: the embedding endpoint is http://127.0.0.1:1234 — ensure LM Studio (or another compatible service) is running locally and you trust it. 4) Checkpoint safety: the script uses pickle.load to read the checkpoint file; unpickling untrusted files can execute arbitrary code. Only reuse checkpoints you created/trust; if you expect untrusted inputs, replace pickle with a safe format (JSON) or validate the checkpoint file before loading. 5) Backups & permissions: the script will read your Telegram DB and write into the LanceDB directory; back up data and run with appropriate filesystem permissions. If you want higher assurance, inspect and test the script in an isolated VM or container before running on sensitive data.Like a lobster shell, security has layers — review code before you run it.
latestvk9716334gvnt0xb3xap0nnje5184bn90
License
MIT-0
Free to use, modify, and redistribute. No attribution required.