ClawHub

Telegram Notify

v1.0.0

Send Telegram direct message alerts for trade entry, exit, and self-heal events with rate limiting and customizable templates.

0· 562·6 current·6 all-time
by@motivationationdaily
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description say 'Send Telegram DM alerts', which normally requires a Telegram bot token and target chat id; the SKILL.md contains no mention of these credentials, API endpoints, or how messages are delivered. That mismatch suggests the skill is incomplete or incoherent.
!
Instruction Scope
SKILL.md is very high-level and lacks concrete runtime instructions (no API calls, no env vars, no config keys, no templates/examples). Vague safety rails ('DM only unless explicitly configured') grant broad discretion without specifying where or how configuration is provided.
Install Mechanism
Instruction-only skill with no install spec or code files — lower attack surface because nothing is written to disk by an installer. However, absence of install files also means there's nothing to audit.
!
Credentials
Requires no environment variables or credentials in metadata, yet the feature (sending Telegram messages) logically requires credentials (e.g., TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID). The lack of declared credentials is disproportionate and unexplained.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent platform privileges. This is appropriate for a notification helper.
What to consider before installing
Do not install or use this skill until the author provides explicit runtime details. Ask for: (1) the exact auth method (Telegram bot token and required chat id or OAuth flow) and the precise env var names the skill expects, (2) sample message templates and how rate-limiting/cooldown are enforced, and (3) the exact network endpoints it will call (e.g., api.telegram.org). If the skill will ask you to paste credentials at runtime, prefer creating a new, limited-scope bot token for testing and avoid reusing high-privilege tokens. If the author supplies code to run, review it for remote endpoints, unexpected file access, or requests for unrelated secrets (AWS, GitHub, etc.). If any credential or config request seems unrelated to Telegram notifications, treat it as a red flag.

Like a lobster shell, security has layers — review code before you run it.

latestvk9710ncfcwbzgrrjwsptx3wg7s82158a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

telegram-notify

Purpose

Send consistent Telegram DM alerts for key trading events (entry/exit/self-heal) with rate limits and clean templates.

Use when

  • Need trade entry/exit notifications
  • Need self-heal/restart alerts

Safety rails

  • DM only unless explicitly configured.
  • Avoid spam: optional cooldown.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…