ClawHub

Telegram

OpenClaw skill for designing Telegram Bot API workflows and command-driven conversations using direct HTTPS requests (no SDKs).

MIT-0 · Free to use, modify, and redistribute. No attribution required.
19 · 12.6k · 167 current installs · 171 all-time installs
by@codedao12
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the content: the files are documentation and HTTP request templates for the Telegram Bot API. Nothing in the bundle requests unrelated cloud credentials, binaries, or access.
Instruction Scope
SKILL.md and reference files contain only design patterns, HTTP templates, routing rules, and operational/security advice (e.g., don't log tokens). They do not instruct the agent to read arbitrary files, external servers, or environment variables outside the bot token/base URL that are reasonable inputs for this task.
Install Mechanism
No install spec and no code files — instruction-only content means nothing is downloaded or executed by the platform as part of installation.
Credentials
The guidance expects a bot token and base API URL as inputs (reasonable for Telegram integration). The registry metadata does not request any unrelated environment variables or credentials.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system-wide privileges or alter other skills; autonomous invocation is allowed by default but is normal and not excessive here.
Assessment
This skill is documentation-only and appears coherent with its stated purpose. Before using it: (1) treat your bot token as a secret — do not paste it into chat or logs and store it in a secure secret store or environment variable in your runtime; (2) implement webhooks over HTTPS and use the secret_token header as recommended; (3) enforce idempotency and rate-limits when you write the code that follows these instructions; (4) remember the skill contains no executable code — you or your deployment pipeline will implement HTTPS calls, storage of update_id caches, and any persistent components, so review any code you add for proper security (input validation, safe storage, least-privilege); (5) test in a development bot before production. Overall the bundle is internally consistent, but it does not perform any installation or provide an SDK — exercise normal caution when implementing the runtime components.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk976v8x43zt4tsc45wtnx1sxax80c650

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Telegram Bot Skill (Advanced)

Purpose

Provide a clean, production-oriented guide for building Telegram bot workflows via the Bot API, focusing on command UX, update handling, and safe operations using plain HTTPS.

Best fit

  • You want a command-first bot that behaves professionally.
  • You need a reliable update flow (webhook or polling).
  • You prefer direct HTTP calls instead of libraries.

Not a fit

  • You require a full SDK or framework integration.
  • You need complex media uploads and streaming in-process.

Quick orientation

  • Read references/telegram-bot-api.md for endpoints, update types, and request patterns.
  • Read references/telegram-commands-playbook.md for command UX and messaging style.
  • Read references/telegram-update-routing.md for update normalization and routing rules.
  • Read references/telegram-request-templates.md for HTTP payload templates.
  • Keep this SKILL.md short and use references for details.

Required inputs

  • Bot token and base API URL.
  • Update strategy: webhook or long polling.
  • Command list and conversation tone.
  • Allowed update types and rate-limit posture.

Expected output

  • A clear command design, update flow plan, and operational checklist.

Operational notes

  • Prefer strict command routing: /start, /help, /settings, /status.
  • Always validate incoming update payloads and chat context.
  • Handle 429s with backoff and avoid message bursts.

Security notes

  • Never log tokens.
  • Use webhooks with a secret token header when possible.

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…