Telegram Interactive Buttons
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: telegram-interactive-buttons Version: 1.1.2 The skill provides a set of helper scripts and documentation for sending interactive Telegram messages with inline buttons using the OpenClaw CLI. The bundle includes bash wrappers (e.g., `send_buttons.sh`, `edit_message.sh`), a Python validation script (`validate_buttons.py`) to ensure JSON compliance with Telegram API limits, and comprehensive examples. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the scripts are transparent and strictly perform the stated automation tasks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong chat ID or message content is used, the bot could post an unintended message to a Telegram chat.
The helper sends user-supplied message content and button JSON to a Telegram target through the OpenClaw CLI. This matches the skill purpose, but it is still an externally visible action.
openclaw message send --target "$TARGET" --message "$MESSAGE" --buttons "$BUTTONS"
Verify the target chat ID, message text, and buttons before use, especially for group or production chats.
Anyone who can access the configured bot token may be able to send messages as the bot in chats where it is present.
The skill requires configuring a Telegram bot token so OpenClaw can send messages as that bot. This is expected for Telegram integration, but it is account-level messaging authority.
"botToken": "YOUR_BOT_TOKEN_HERE"
Store the bot token securely, restrict the bot to chats you control, avoid committing config files, and rotate the token if it is exposed.
Installing a global CLI from an unverified source could affect the local environment.
The setup uses a user-directed global CLI install without a pinned version. This is a normal prerequisite for the skill but is still a supply-chain point users should verify.
npm install -g openclaw
Install OpenClaw from its official source, consider pinning a trusted version, and review the helper scripts before running them.