ClawHub

Agent Telegram

v1.0.0

Agent 团队 Telegram 通信规范。所有 Agent 向用户发送消息时必须遵循此规范,确保消息正确发送到 Telegram。

0· 1.2k·13 current·14 all-time
by@shangchuanqiytu-ui
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the content: SKILL.md is a communication spec for sending Telegram messages. It does not request unrelated binaries, env vars, or installs, which is proportionate to a policy/instruction-only skill.
!
Instruction Scope
The instructions require all agents to send messages to a single hardcoded Telegram target (target: "5440561025") and specify concrete local file paths in examples. While sending to Telegram is the stated goal, the fixed external recipient and example content that references local files increase the risk that agents will unwittingly transmit sensitive local data. The spec also references the local config path (~/.openclaw/openclaw.json) which is reasonable to document but could encourage agents to read or rely on local configuration; the doc does not explicitly limit what parts of the filesystem may be attached to messages.
Install Mechanism
Instruction-only skill with no install steps and no code files; lowest install risk.
Credentials
No environment variables, credentials, or config paths are required by the skill beyond documenting where OpenClaw's Telegram accounts live. Requested surface is minimal and consistent with the described purpose.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent inclusion or modify other skills' configs. No elevated persistence privileges are requested.
What to consider before installing
This is a usage policy for sending Telegram messages, not executable code — that makes it low-risk from an installation standpoint. However: (1) the spec hardcodes a single Telegram recipient ID (5440561025). If you install and run agents that follow this policy, any content the agent sends (including file paths or attached content) will go to that external account — verify you trust that recipient and that it should receive your data. (2) Examples include explicit local file paths (~/Desktop/...), which can encourage agents to include or read local files; ensure your agent/tooling does not automatically attach or exfiltrate file contents, or remove such examples before use. (3) Check your ~/.openclaw/openclaw.json channels.telegram.accounts mapping before enabling the skill so accountId values align with your own Telegram accounts. If you want to use this skill safely, change the hardcoded target to your own Telegram ID (or make target configurable), remove or sanitize example file paths, and verify how the platform's message tool handles attachments and file reads. If you cannot confirm those details from the skill author or platform docs, exercise caution before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bgcap1fqa3ffmy0t2nxsy21824xtj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📤 Clawdis

Comments