ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GramGate

v0.1.1

Telegram gateway for AI agents and automation. Use GramGate to access a real Telegram account over REST or MCP: read channels and history, search across chat...

0· 68·0 current·0 all-time
by@zakirovdmr

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zakirovdmr/gramgate.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "GramGate" (zakirovdmr/gramgate) from ClawHub.
Skill page: https://clawhub.ai/zakirovdmr/gramgate
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gramgate

ClawHub CLI

Package manager switcher

npx clawhub@latest install gramgate
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill promises MTProto user-account access (read history, send messages, click buttons) but the package is instruction-only and declares only python3 as a requirement. There are no declared credentials (Telegram API_ID/API_HASH, phone number, session file) or config paths even though a real user account is needed. That mismatch suggests the skill's manifest is incomplete or misleading.
Instruction Scope
SKILL.md instructs the agent to call local REST/MCP endpoints (e.g., http://127.0.0.1:18791) to perform sensitive actions. The instructions themselves do not tell the agent to read unrelated files or env vars, but they assume an external GramGate service is running and already authenticated to a Telegram account — this implicit prerequisite is not documented in the manifest.
Install Mechanism
There is no install spec or code bundled with the skill (instruction-only). This is lower immediate installation risk, but it also means the skill depends on an out-of-band install (GitHub repo) that the manifest does not verify or pin — the runtime behavior depends on whatever implementation the user installs separately.
!
Credentials
The skill enables read/write access to a real Telegram account (sensitive access) yet declares no required credentials or primaryEnv. A legitimately functioning GramGate deployment would require Telegram API credentials and/or session state; the absence of declared secrets is disproportionate and hides where/when credentials must be provided.
!
Persistence & Privilege
always:false (normal), but the skill allows the agent to call local services autonomously. Combined with the missing credential/config declarations and the powerful actions described (reading history, sending messages), autonomous invocation increases risk if a user later installs an untrusted GramGate server or exposes it beyond localhost.
What to consider before installing
This skill is suspicious because it describes a powerful Telegram gateway but provides no install, credential, or configuration details. Before installing or using it: (1) verify the upstream repository and review its code for how it stores/uses Telegram API_ID/API_HASH, session files, and any network endpoints; (2) do not expose the service to the internet without authentication and rate-limiting; (3) run the service in an isolated environment (container/VM) if you must use it; (4) restrict agent autonomy or require explicit user approval before the agent issues any write actions (sending/joining/posts); and (5) if you cannot audit the implementation, avoid providing your real Telegram account credentials.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📬 Clawdis
Binspython3
latestvk977ayxj75tbsvzq34m572dwtx84t9mj
68downloads
0stars
2versions
Updated 1w ago
v0.1.1
MIT-0
@zakirovdmr
latest
Download

GramGate

Telegram gateway for AI agents and automation.

Use GramGate when you need real Telegram account access via MTProto, not the limitations of the Bot API.

GitHub: https://github.com/zakirovdmr/gramgate

Why GramGate

Telegram bots cannot reliably do the things many serious workflows need: read subscribed channels, browse full history, search across chats, join by link, or click inline buttons as a normal user.

GramGate solves that by exposing a real Telegram account through:

  • REST API for scripts, automations, and HTTP tools
  • MCP server for Claude, GPT, IDE agents, and agent frameworks

Best Use Cases

Use this skill for:

  • channel research and monitoring, including subscribed-channel analysis and news tracking
  • content workflows, from research collection to drafting triggers and publishing operations
  • Telegram E2E testing, including bot flows that require real user interaction and button clicks
  • support, CRM, and notification flows inside Telegram
  • agent integrations, where an AI system needs structured Telegram read/write access

What It Can Do

GramGate exposes 40+ Telegram endpoints and supports workflows like:

  • reading dialogs, chats, channels, contacts, and full message history
  • searching within a chat or globally across Telegram
  • joining or leaving channels and groups
  • sending, editing, deleting, forwarding, copying, pinning, and reacting to messages
  • reading rich history with inline buttons and clicking those buttons
  • working with polls, media, contacts, locations, members, and live feed events

Typical local endpoints:

REST: http://127.0.0.1:18791
MCP:  http://127.0.0.1:18793/sse

Common REST Calls

Health and account

curl -s http://127.0.0.1:18791/health
curl -s http://127.0.0.1:18791/api/me
curl -s http://127.0.0.1:18791/api/dialogs?limit=30

Read chats and channels

curl -s -X POST http://127.0.0.1:18791/api/chat/info \
  -H 'Content-Type: application/json' \
  -d '{"chat_id":"@durov"}'

curl -s -X POST http://127.0.0.1:18791/api/chat/history \
  -H 'Content-Type: application/json' \
  -d '{"chat_id":"-1001234567890","limit":20}'

Search and join

curl -s -X POST http://127.0.0.1:18791/api/message/search \
  -H 'Content-Type: application/json' \
  -d '{"chat_id":"-1001234567890","query":"keyword","limit":20}'

curl -s -X POST http://127.0.0.1:18791/api/chat/join \
  -H 'Content-Type: application/json' \
  -d '{"link":"@channel_name"}'

Send a message

curl -s -X POST http://127.0.0.1:18791/api/message/send \
  -H 'Content-Type: application/json' \
  -d '{"recipient":"@username","text":"Hello from GramGate!"}'

Click an inline button

curl -s -X POST http://127.0.0.1:18791/api/button/click \
  -H 'Content-Type: application/json' \
  -d '{"chat_id":123456789,"message_id":42,"callback_data":"btn_action"}'

MCP Use

Use GramGate MCP when another agent should be able to:

  • list dialogs
  • inspect a chat or channel
  • fetch history
  • search messages
  • join channels
  • send messages
  • click Telegram inline buttons

Notes

  • chat_id may be numeric or @username
  • groups and channels usually use negative numeric ids
  • this is user-account access, so privacy and operational safety matter
  • prefer fewer, larger reads and avoid tight write loops
  • if exposing GramGate beyond localhost, use authentication and sane rate limits

Recommended Workflow

  1. Confirm the service is healthy.
  2. Discover the right chat or channel.
  3. Read history before taking action.
  4. Batch reads where possible.
  5. Write only when the task actually requires it.

Full Documentation

For setup, architecture, authentication, rate limiting, and the complete endpoint list, use the GitHub repo as the canonical reference:

https://github.com/zakirovdmr/gramgate

Comments

Loading comments...