Telegram Readonly
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill appears purpose-aligned and read-only, but it uses a full personal Telegram session and recommends unpinned external code, so it should be reviewed before use.
Install only if you trust the GitHub package, and preferably pin and review it first. Treat ~/.config/telegram-readonly/config.json like a password, limit reads to specific chats and small searches, test unread behavior, and revoke the Telegram session if you stop using the skill.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the session file or installed code is misused, it could access the user's Telegram account with more authority than simple read-only browsing.
The skill relies on a full personal-account Telegram session rather than a scoped read-only token. This is disclosed and purpose-aligned, but it is high-impact authority and is under-declared by the registry metadata.
Important: the underlying Telethon session still has high privilege because it is a real Telegram login. The safety comes from the wrapper surface area, not from Telegram granting reduced permissions.
Declare the credential/session requirement in metadata, protect and periodically revoke the Telegram session, and require explicit user approval before account-wide reads.
The code installed at runtime may differ from the reviewed artifacts and would be trusted with a high-privilege Telegram login.
The preferred install pulls executable code from a GitHub repository without a pinned commit, release, or lockfile in the artifacts. Because that code handles a Telegram session, provenance matters.
pipx install git+https://github.com/ropl-btc/telegram-readonly-cli.git
Pin the install to a reviewed commit or release, provide a registry install spec/lockfile, and review the package before authenticating Telegram.
Private Telegram messages may appear in the chat transcript, model context, logs, or downstream summaries if the agent uses the results broadly.
The wrapper returns Telegram message text and sender metadata as JSON, which is expected for the purpose but brings private chat content into the agent's working context.
"text": message.message, "sender_id": getattr(message, "sender_id", None), "sender_name": sender_name
Use narrow chat filters and limits, avoid unnecessary global searches, and do not retain or share retrieved messages unless the user explicitly wants that.
Using the skill could unexpectedly change unread indicators or related account state.
The documentation acknowledges that read operations may still affect unread state across Telegram clients even though the wrapper does not call explicit read acknowledgements.
That should usually avoid marking messages as read, but this must be verified with a live test because Telegram state can be subtle.
Test unread behavior on a low-risk chat before wider use, especially where preserving unread state matters.
