Telegram Multibot Relay
Security checks across malware telemetry and agentic risk
Overview
This plugin generally matches its Telegram multibot relay purpose, but it will use existing Telegram/model credentials and persistent workspace/cron context, so it should only be enabled for trusted bots and chats.
This appears suitable for its stated Telegram multibot relay purpose. Before installing, confirm you trust the publisher and the workspace, use limited Telegram bot permissions, review who can issue commands in Telegram groups, and avoid putting secrets in workspace prompt or memory files.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the plugin can act using the Telegram bot accounts configured in OpenClaw and make requests to the configured OpenAI-compatible model provider.
The plugin uses configured model-provider API keys and Telegram bot tokens to call external services. That is expected for a Telegram relay plugin, but it gives the plugin authority to act through those bot accounts and consume the configured model provider.
const apiKey = String(provider.apiKey || '').trim(); ... authorization: `Bearer ${apiKey}` ... return String(config?.channels?.telegram?.accounts?.[accountId]?.botToken || '').trim();
Use bot tokens with the minimum necessary Telegram permissions, keep OpenClaw model provider keys trusted, and enable the plugin only in workspaces where that credential access is acceptable.
Stale, private, or untrusted workspace memory/instruction files could affect how the relay phrases or routes bot interactions.
The runtime includes logic to load persistent workspace prompt, team, tool, user, and memory files. These files can influence relay behavior if used by the plugin.
const fileNames = ['IDENTITY.md', 'SOUL.md', 'AGENTS.md', 'TEAM.md', 'USER.md', 'TOOLS.md', 'MEMORY.md', 'RELAY.md']; ... fs.readFile(path.join(workspaceDir, fileName), 'utf8')
Keep these workspace files accurate and trusted, and avoid storing secrets in prompt or memory files that may be included in model context.
People who can trigger the bot in a group may be able to create recurring reminders or request broad reminder cleanup, depending on the gateway's normal access controls.
The plugin exposes user-facing chat commands that can create persistent reminders and remove reminders, including a broad deletion command. This is disclosed and central to the plugin, but it mutates persistent cron state.
Create one-shot and repeating reminders through native OpenClaw cron ... Remove reminders through the same native cron layer ... `delete all reminders`
Enable the plugin only in trusted Telegram groups, and verify OpenClaw or bot-level permissions are sufficient for who may create or delete reminders.
