ClawHub

Telegram Agent Memory

v0.2.0

Long-term Telegram memory for AI agents — search conversations, get digests, extract decisions. Connects to any Telegram channel via user's own account.

0· 72·0 current·0 all-time
by@may4vfx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Telegram long-term memory) align with requested artifacts: only curl and a single API key (AGENT_MEMORY_API_KEY) are required. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are scoped to managing an API key and calling the documented agent.ai-vfx.com API endpoints. They instruct the agent to persist the API key into ~/.openclaw/openclaw.json (example jq command). Storing a secret to disk is expected for this use-case, but users should be aware the key will be written to their OpenClaw config file and may be readable by processes/users with access to that file.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded code. Lowest-risk install posture: nothing is written to disk by the skill itself beyond the user's manual config change.
Credentials
Only a single credential (AGENT_MEMORY_API_KEY) is declared as required and is the primary credential. That matches the described API usage. There are no unexplained SECRET/TOKEN/PASSWORD environment requests.
Persistence & Privilege
always is false and the skill does not request elevated or permanent platform-wide privileges. The only persistent action the instructions suggest is writing the API key into the skill section of the OpenClaw config, which is normal for credential storage.
Assessment
This skill appears internally consistent, but before installing: 1) Confirm you trust the remote service (https://agent.ai-vfx.com) and the @AgentMemoryBot used to mint API keys — the skill will send your Telegram conversation data to that service. 2) Create a revocable API key and avoid using highly privileged or long-lived credentials. 3) Be aware the SKILL.md shows a command that writes the API key into ~/.openclaw/openclaw.json; verify the file exists and set restrictive file permissions (e.g., chmod 600) so other users/processes cannot read it. 4) If privacy is a concern, test with a non-sensitive channel first and review the service's data retention/privacy policies (none are linked in the skill). 5) If anything about the domain, bot, or key-generation flow looks unfamiliar, do not paste your key and verify the project identity with the provider before continuing.

Like a lobster shell, security has layers — review code before you run it.

latestvk971bq2gjnj1r0ysdgt12v3atn83kzrr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl
EnvAGENT_MEMORY_API_KEY
Primary envAGENT_MEMORY_API_KEY

Comments