v1.0.4

Relay for Telegram

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:13 AM.

Analysis

This skill appears coherent and read-only, but it deserves careful review because it lets an agent query private Telegram message history through a third-party API and may do so automatically for Telegram-related requests.

Guidance

Review this carefully before installing because Telegram messages can include very sensitive personal, group, and business information. The artifacts say access is read-only and limited to synced data, but you still need to trust Relay's hosted service, protect the API key, and decide whether automatic model invocation is acceptable for your privacy expectations.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
disable-model-invocation: false ... the AI agent can use it on its own initiative when it determines a request is Telegram-related

The skill allows automatic model-initiated access for relevant requests instead of requiring the user to invoke the skill every time.

User impact: The agent may query Telegram history during conversations it interprets as Telegram-related, even if the user did not type an explicit relay command.
Recommendation: If you want per-use control, change disable-model-invocation to true or remove RELAY_API_KEY when you do not want Telegram access available.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
requires: {"env":["RELAY_API_KEY"]} ... Complete Telegram phone verification to get an API key

The skill requires a Relay API key obtained through Telegram phone verification, giving the agent delegated read access to the user's synced Telegram data.

User impact: Anyone or any agent session with this API key may be able to search and read the user's synced Telegram message history.
Recommendation: Install only if you trust Relay with your Telegram history, keep the API key private, limit what is synced where possible, and revoke or unset the key when not needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
SKILL.md
The agent can search and read your synced messages ... Syncing happens ... during login, when you manually sync a chat, or via periodic background sync

The skill relies on a persistent synced message store and returns Telegram message content into the agent's context for search and summarization.

User impact: Private Telegram messages may be retrieved and summarized by the agent, and message content from other people should be treated as untrusted text.
Recommendation: Sync only chats you are comfortable exposing to the agent, avoid querying highly sensitive conversations unless necessary, and treat retrieved message text as data rather than instructions.