Telegram QR Login Workaround
Advisory
Audited by static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based, informational review of SKILL.md, metadata, install specs, static-scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes. The items below are informational: they describe risky behaviour the skill documents, not malicious code.
A user could hand the agent a GitHub personal access token (PAT) that can act on their account within the token's scope.
The skill tells the user to create a GitHub PAT and send it to the agent. That is sensitive delegated account authority, and it is not central to the Telegram login workaround.
> The user goes to https://github.com/settings/tokens/new to create a PAT (tick the `gist` scope) and sends it to you; then call the GitHub API directly with curl.
Avoid asking users to paste PATs into the agent. Prefer browser-based OAuth, short-lived tokens, or clear instructions for users to run the command locally themselves. Where a token is unavoidable, ask for one scoped only to what the task needs (here `gist`), with an expiry set, and tell the user to revoke it as soon as the task is done.
If the session file is exposed or mishandled, someone may be able to use the Telegram account without another login code.
The documented flow creates a reusable Telegram session file (with Telethon's default session backend this is a `<session_name>.session` SQLite file in the working directory) that provides ongoing account access without further verification, but the skill gives no protection, retention, or revocation guidance.
> The session file is saved automatically. 4. Reuse this session afterwards; no further verification code is needed.
Tell users to store the session file in a private path readable only by their own account, never share it, delete it when no longer needed, and terminate the session from Telegram's Devices (active sessions) settings if it is compromised.
If the QR code is sent to the wrong chat or intercepted, it could help authorize a Telegram login session.
The QR image is an account-login artifact, and the skill suggests sending it through a chat without warning that only the intended account owner should receive and scan it.
> Push the QR code to the user (example)

```python
# send the image to the Telegram user
with open("/tmp/tg_qr.png", "rb") as f:
    await client.send_file("telegram_chat_id", f)
```

Treat QR login images as sensitive. Send them only through a trusted channel to the account owner, verify the recipient, and delete the image after use. Note also that the example writes the image to /tmp, a directory shared with every local user; a private directory with restrictive file modes is the safer place for it.
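The session-file and QR-image findings above share a fix: keep both login artifacts in a directory only the user can read, create them with tight modes from the start, and keep the QR image only for the moment it is being sent. The following is an added example for this review, not code from the skill or from Telethon; it is stdlib-only and assumes a POSIX host where file modes mean something. `private_dir`, `write_private`, `check_artifact` and `short_lived_artifact` are names chosen here. It relies on one fact about Telethon: its default session is a SQLite file named `<session_name>.session` in the working directory, created under whatever umask the process has, which is why `check_artifact` is worth running before a saved session is reused.

```python
"""Hygiene helpers for the two login artifacts the skill leaves on disk:
the reusable Telethon session file and the QR login image.

Added example for this review, not code from the skill.  Stdlib only.
Assumes a POSIX host; the Telethon session file name below is the
library's default (``<session_name>.session`` in the working directory).
"""
import contextlib
import os
import stat
import tempfile
from pathlib import Path

# Any group/other permission bit on the artifact or on its directory.
SHARED_BITS = stat.S_IRWXG | stat.S_IRWXO


def private_dir(base: Path) -> Path:
    """Create (or tighten) a 0700 directory to hold login artifacts."""
    base.mkdir(mode=0o700, parents=True, exist_ok=True)
    base.chmod(0o700)  # mkdir's mode is filtered by the umask, so force it
    return base


def write_private(path: Path, data: bytes) -> Path:
    """Write data to a new file that is 0600 from the moment it exists.

    O_EXCL refuses a pre-existing file or symlink at that path, and passing
    0o600 to os.open avoids the window a plain open() has before a chmod.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def check_artifact(path: Path) -> list[str]:
    """Return the reasons a session/QR file is unsafe to keep using; [] if none."""
    if not path.exists():
        return [f"{path}: does not exist"]
    problems = []
    if path.is_symlink():
        problems.append(f"{path}: is a symlink")
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & SHARED_BITS:
        problems.append(f"{path}: readable or writable by others (mode {mode:04o})")
    parent_mode = stat.S_IMODE(path.parent.stat().st_mode)
    if parent_mode & SHARED_BITS:
        # e.g. /tmp (mode 1777): other local users can list the directory and,
        # under a lax umask, read a QR image dropped there as /tmp/tg_qr.png.
        problems.append(f"{path.parent}: directory is shared (mode {parent_mode:04o})")
    return problems


@contextlib.contextmanager
def short_lived_artifact(path: Path, data: bytes):
    """Materialise the QR image only while it is being sent, then unlink it."""
    write_private(path, data)
    try:
        yield path
    finally:
        path.unlink(missing_ok=True)


if __name__ == "__main__":
    # Demo under a throwaway directory; a real agent would use a fixed private
    # path (chosen by the operator) and point Telethon's session name into it.
    base = private_dir(Path(tempfile.mkdtemp()) / "telegram-agent")
    session = write_private(base / "agent.session", b"constructed placeholder")
    print("session problems:", check_artifact(session) or "none")

    qr_png = b"constructed placeholder bytes, not a real PNG"
    with short_lived_artifact(base / "tg_qr.png", qr_png) as qr:
        # send_file(...) to the *verified* account owner would happen here
        print("qr ready at", qr, "problems:", check_artifact(qr) or "none")
    print("qr removed after send:", not (base / "tg_qr.png").exists())
```

Setting `os.umask(0o077)` before constructing the Telethon client makes the library's own session-file creation honour the same policy; `check_artifact` then catches sessions that were created earlier under a looser umask or copied into a shared directory.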
A user or agent could look for or run unreviewed scripts that delete or alter Telegram conversations.
The skill references a cleanup workflow, missing from the provided artifacts, that contains scripts for batch Telegram conversation cleanup. That is unreviewed, account-mutating functionality outside the provided artifact set.
> Batch clean up conversations. Clean up suspicious channels / unknown private chats: see `references/telegram-cleanup-workflow.md` (includes scripts + failure handling)
Include the referenced workflow in the artifact set so it can be reviewed, scope clearly what it deletes, require explicit confirmation before any change is made, and document the recovery limitations (deleted chats and messages may not be recoverable).
Installing packages gives their code access to the local Python environment where the script runs.
The setup uses external PyPI packages without pinned versions or hashes. This is expected for the provided Telethon QR-login example, but users should be aware of the dependency trust boundary: whatever the index serves for those names at install time is what runs with the session file and API credentials.

```shell
pip install telethon qrcode pillow
```

Use a fresh virtual environment, install from trusted package sources, and consider pinning known-good versions with hashes so that a later install cannot silently pull a different artifact.
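A small check for the pinning recommendation above, added for this review and not part of the skill: it audits either a `pip install ...` command line or a requirements file and reports every package that is not pinned to an exact version or lacks a `--hash` entry. Stdlib only. The sample requirements text is constructed, and the version numbers in it are illustrative, not a recommendation of known-good releases; `audit_requirements`, `audit_install_command`, `UNPINNED` and `PINNED` are names chosen here. URL and VCS requirements are out of scope for the parser.

```python
"""Flag unpinned or unhashed Python dependencies.

Added example for this review, not from the skill.  Stdlib only.
"""
import re

# name[extras] <op> version  (operator and version are optional)
_REQ = re.compile(
    r"^(?P<name>[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)"
    r"(?:\[[^\]]*\])?\s*"
    r"(?:(?P<op>===|==|~=|!=|<=|>=|<|>)\s*(?P<ver>[^\s;]+))?"
)
_COMMENT = re.compile(r"(^|\s)#.*$")


def _logical_lines(text: str):
    """Strip comments and join backslash continuations.

    pip-compile --generate-hashes writes each --hash on its own continued
    line, so a requirement must be reassembled before it is inspected.
    """
    buf = []
    for raw in text.splitlines():
        line = _COMMENT.sub("", raw).rstrip()
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line.strip())
        yield " ".join(buf).strip()
        buf = []
    if buf:
        yield " ".join(buf).strip()


def audit_requirements(text: str) -> dict[str, list[str]]:
    """Map each package to its pinning problems; a clean file maps to {}."""
    problems: dict[str, list[str]] = {}
    for line in _logical_lines(text):
        if not line or line.startswith("-"):
            continue  # -r/-c includes, --index-url, -e ...: not audited here
        m = _REQ.match(line)
        if not m:
            problems.setdefault(line, []).append("unparseable requirement")
            continue
        name = m.group("name").lower().replace("_", "-")
        issues = []
        if m.group("op") not in ("==", "==="):
            detail = f" (uses {m.group('op')})" if m.group("op") else ""
            issues.append("not pinned to an exact version" + detail)
        if "--hash=" not in line:
            issues.append("no --hash, so pip cannot verify the downloaded artifact")
        if issues:
            problems[name] = issues
    return problems


def audit_install_command(cmd: str) -> dict[str, list[str]]:
    """Audit the positional package arguments of a `pip install ...` line."""
    words = cmd.split()
    start = words.index("install") + 1 if "install" in words else 0
    pkgs = [w for w in words[start:] if not w.startswith("-")]
    return audit_requirements("\n".join(pkgs))


# Constructed inputs: the skill's install line, and a hashed requirements file.
UNPINNED = "pip install telethon qrcode pillow"
PINNED = """\
# constructed example; versions and hashes are placeholders, not known-good picks
telethon==1.0.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
qrcode[pil]==1.0.0 \\
    --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111
pillow>=1.0 ; python_version >= "3.9"   # version range and no hash: flagged
"""

if __name__ == "__main__":
    for name, issues in audit_install_command(UNPINNED).items():
        print(name, "->", "; ".join(issues))
    print("hashed file:", audit_requirements(PINNED))
```

To produce the hashed form, resolve from a fresh virtual environment (`python -m venv .venv`), generate the lock with pip-tools (`pip-compile --generate-hashes requirements.in`), and install with `pip install --require-hashes -r requirements.txt`, which makes pip refuse any artifact whose hash is not listed.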
