ClawHub

Telegram Topic Message Sender

v1.0.0

Wrap sending a Telegram message to a fixed topic into one script call. Use when user wants to quickly send notifications/messages to a specific Telegram topi...

0· 58·0 current·0 all-time
by@shing19
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description match its behavior: the script calls 'openclaw message send' to post to a Telegram topic. However, the registry metadata claims no required binaries while the script clearly invokes the 'openclaw' binary; this is a minor inconsistency in metadata but not malicious.
Instruction Scope
SKILL.md and the script are narrowly scoped: they accept a message and target identifiers (from args or TG_DEFAULT_* env vars) and call the OpenClaw CLI. The script does not read other files, network endpoints, or unrelated environment variables, nor does it transmit data to unexpected third parties.
Install Mechanism
No install spec (instruction-only plus a small shell script). Nothing is downloaded or written by an installer. Low install risk.
Credentials
The skill requests no secrets and only uses optional TG_DEFAULT_* env vars for convenience. It relies on the agent's configured OpenClaw channel authentication to send messages — this is proportionate to the stated purpose but worth noting because the OpenClaw credentials will be used.
Persistence & Privilege
always:false (normal). Model invocation is enabled (default), so the agent could call this skill autonomously; combined with messaging capability this means messages could be sent without a separate manual step if the agent is allowed to act autonomously. That is expected platform behavior but worth considering.
Assessment
This skill appears to be what it claims: a tiny wrapper that calls your installed OpenClaw CLI to send a Telegram topic message. Before installing, ensure you have the 'openclaw' CLI available and configured for the channel you intend to use (the skill metadata omitted the 'openclaw' binary requirement). Verify the bot/channel auth used by OpenClaw is limited to the intended Telegram group and topic, and that the bot has only the permissions you expect. If you are concerned about automated posts, consider restricting the agent's autonomous invocation or review the agent's policies, since the skill can send messages using your OpenClaw credentials when invoked.

Like a lobster shell, security has layers — review code before you run it.

latestvk973avvg9c67zq44yn737vgn5183yrjg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments