Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Telegram Notifier

v1.0.0

Send any agent report, alert, or message to a Telegram chat using your bot token. Use when you want to deliver findings, briefings, security alerts, or task...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for infectit007/telegram-notifier.

Install the skill "Telegram Notifier" (infectit007/telegram-notifier) from ClawHub.
Skill page: https://clawhub.ai/infectit007/telegram-notifier
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI


openclaw skills install telegram-notifier

ClawHub CLI


npx clawhub@latest install telegram-notifier
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
SKILL.md clearly requires TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID to operate, but the registry metadata lists no required env vars or primary credential, so the two are inconsistent. Aside from that omission, the env vars requested by the instructions are appropriate for a Telegram notifier.
Instruction Scope
The runtime instructions are narrowly scoped to posting messages to Telegram's API and include example code and a cron scheduling example. However, the agent will send whatever content it constructs to an external service — if the agent includes secrets or sensitive data in reports, those will be transmitted to Telegram.
Install Mechanism
No install spec and no code files (instruction-only). Low install risk because nothing will be written or executed from an external URL during installation.
[!] Credentials
The skill needs only two environment values (bot token and chat id), which is proportionate for the stated purpose. The problem is the registry metadata does not declare them, so automated permission/credential checks may be incomplete. Note: TELEGRAM_BOT_TOKEN is a sensitive secret — if exposed an attacker can post as your bot.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or system-wide persistence. Model invocation is allowed by default (normal); combined with the credential issue this increases the need for caution but is not itself a red flag.
What to consider before installing
This appears to be a simple, coherent Telegram notifier, but the registry metadata failing to declare the required TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID is an inconsistency you should resolve before installing. Recommendations:

  (1) Confirm the registry entry is updated to declare the env vars.
  (2) Create a dedicated Telegram bot token for this use (do not reuse higher-privilege tokens), restrict the bot to a controlled chat or group, and rotate it if compromised.
  (3) Never allow the agent to send raw secrets or credentials; limit or sanitize report contents and test with non-sensitive data.
  (4) Store the bot token in a secure secret store (not plaintext logs).
  (5) If you plan to enable scheduled or autonomous sends, review what the agent will include in messages and set appropriate guardrails and rate limits.
  (6) If the registry metadata cannot be corrected, treat the omission as a sign of low quality and prefer a skill whose declared requirements match its runtime instructions.
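
A check for the mismatch the scan describes, as an added example (not ClawHub's or the skill author's code): it extracts the environment variables a SKILL.md references and reports any that the declared list omits. The declared-list shape, the function names and the sample excerpt are assumptions constructed from this page.

```python
import re

# The ways a skill's instructions typically reference environment variables.
ENV_PATTERNS = [
    re.compile(r"os\.environ\[\s*['\"]([A-Z][A-Z0-9_]*)['\"]\s*\]"),
    re.compile(r"os\.environ\.get\(\s*['\"]([A-Z][A-Z0-9_]*)['\"]"),
    re.compile(r"os\.getenv\(\s*['\"]([A-Z][A-Z0-9_]*)['\"]"),
    re.compile(r"^\s*(?:export\s+)?([A-Z][A-Z0-9_]*)=", re.MULTILINE),  # KEY=value lines
]

def referenced_env_vars(skill_md: str) -> set[str]:
    """Collect every env var name the instructions read or ask the user to set."""
    found: set[str] = set()
    for pattern in ENV_PATTERNS:
        found.update(pattern.findall(skill_md))
    return found

def undeclared_env_vars(skill_md: str, declared: list[str]) -> list[str]:
    """Names used by the instructions but absent from the declared metadata."""
    return sorted(referenced_env_vars(skill_md) - set(declared))

# Constructed excerpt modelled on this skill's instructions.
SAMPLE_SKILL_MD = '''
TELEGRAM_BOT_TOKEN=your_bot_token_here
TELEGRAM_CHAT_ID=your_chat_id_here

requests.post(
    f"https://api.telegram.org/bot{os.environ['TELEGRAM_BOT_TOKEN']}/sendMessage",
    json={"chat_id": os.environ['TELEGRAM_CHAT_ID'], "text": "hi"},
)
token = os.environ.get("TELEGRAM_BOT_TOKEN")
'''

# Hypothetical registry metadata: per the scan, no env vars were declared.
DECLARED_IN_REGISTRY: list[str] = []

if __name__ == "__main__":
    for name in undeclared_env_vars(SAMPLE_SKILL_MD, DECLARED_IN_REGISTRY):
        print(f"undeclared env var referenced by instructions: {name}")
```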

Like a lobster shell, security has layers — review code before you run it.

latest: vk97awfc4vmacn9frx57nb2qz1x84rw74
Version: v1.0.0
License: MIT-0
65 downloads, 0 stars, 1 version
Updated 2w ago

Telegram Notifier

Send structured messages from any agent to Telegram.

One skill. One job. Works with any agent, any report, any workflow.


Prerequisites

You need a Telegram bot token and a chat ID in your environment:

TELEGRAM_BOT_TOKEN=your_bot_token_here
TELEGRAM_CHAT_ID=your_chat_id_here

Get a bot token: Message @BotFather on Telegram → /newbot → copy the token.

Get your chat ID: Message @userinfobot on Telegram → it replies with your ID.


Sending a message

Basic send (plain text)

import os, requests

requests.post(
    f"https://api.telegram.org/bot{os.environ['TELEGRAM_BOT_TOKEN']}/sendMessage",
    json={
        "chat_id": os.environ['TELEGRAM_CHAT_ID'],
        "text": "Your message here"
    },
    timeout=10
)

Markdown formatted message

import os, requests

def send_telegram(text: str, parse_mode: str = "Markdown") -> bool:
    """Send a message to Telegram. Returns True on success."""
    r = requests.post(
        f"https://api.telegram.org/bot{os.environ['TELEGRAM_BOT_TOKEN']}/sendMessage",
        json={
            "chat_id": os.environ['TELEGRAM_CHAT_ID'],
            "text": text,
            "parse_mode": parse_mode,
        },
        timeout=10,
    )
    return r.status_code == 200

# Example: send an agent report
send_telegram("*SECURITY REPORT*\n\n✅ No threats detected.\nNext scan: 04:00")

Send with agent prefix (recommended format)

from datetime import datetime

def agent_report(agent_name: str, body: str) -> None:
    timestamp = datetime.now().strftime("%H:%M")
    message = f"📡 *{agent_name}* — {timestamp}\n\n{body}"
    send_telegram(message)

agent_report("Alpha", "Network scan complete. 2 new devices detected.")

Common use cases

1. Deliver a briefing

report = """
🌅 *MORNING BRIEFING*

🔴 Security: 1 warning — config perms
🖥️ Infra: All containers healthy
💰 Cashflow: 0 new installs
"""
send_telegram(report)

2. Send an alert

def send_alert(title: str, detail: str, severity: str = "WARN") -> None:
    icons = {"CRITICAL": "🚨", "WARN": "⚠️", "INFO": "ℹ️"}
    icon = icons.get(severity, "⚠️")
    send_telegram(f"{icon} *{severity}: {title}*\n\n{detail}")

send_alert("Disk usage at 91%", "Root partition: 91% full. Free up space.", "WARN")

3. Confirm task completion

send_telegram("✅ *Task complete:* Suricata rules updated. 49,892 rules active.")

4. Send on cron schedule

openclaw cron add \
  --name "telegram-notifier:daily-check" \
  --cron "0 8 * * *" \
  --prompt "Run a system health check and send the results via the telegram-notifier skill."

Error handling

import os, requests

def send_telegram(text: str) -> dict:
    """Returns {"ok": True} or {"ok": False, "error": "..."}"""
    token = os.environ.get("TELEGRAM_BOT_TOKEN")
    chat_id = os.environ.get("TELEGRAM_CHAT_ID")

    if not token or not chat_id:
        return {"ok": False, "error": "TELEGRAM_BOT_TOKEN or TELEGRAM_CHAT_ID not set"}

    try:
        r = requests.post(
            f"https://api.telegram.org/bot{token}/sendMessage",
            json={"chat_id": chat_id, "text": text[:4096]},  # Telegram limit: 4096 chars
            timeout=10,
        )
        data = r.json()
        if data.get("ok"):
            return {"ok": True}
        return {"ok": False, "error": data.get("description", "unknown error")}
    except requests.Timeout:
        return {"ok": False, "error": "Request timed out"}
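    except Exception as e:
        # requests errors embed the request URL, which contains the bot token; redact it
        return {"ok": False, "error": str(e).replace(token, "<redacted>")}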

Limitations

  • Telegram message limit: 4096 characters. Truncate or split long reports.
  • Rate limit: 30 messages/second per bot (you will never hit this in normal use).
  • parse_mode "Markdown" requires escaping special chars: _ * [ ] ( ) ~ > # + - = | { } . ! Use "HTML" if your messages contain special characters.
  • This skill only sends messages. For receiving messages or building interactive bots, use a dedicated bot framework.
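
An outbound guard for the points above, as an added example that is not part of the skill: it redacts secrets from a report before sending and splits the result on line boundaries so each part stays within the 4096-character limit. The patterns, function names and sample report are constructed for illustration; in use, pass the real bot token as a known secret and send each returned chunk with send_telegram.

```python
import re

TELEGRAM_LIMIT = 4096  # sendMessage limit from the Limitations list above

# Constructed redaction rules; extend them for your own environment.
TOKEN_SHAPE = re.compile(r"\b\d{6,12}:[A-Za-z0-9_-]{30,}")  # bot-token-like strings
PRIVATE_KEY = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)
KEY_VALUE = re.compile(
    r"(?i)(\w*(?:password|passwd|secret|api_?key|token)\w*\s*[=:]\s*)\S+")

def redact(text: str, known_secrets: tuple = ()) -> str:
    """Remove exact known secrets first, then anything that looks like one."""
    for value in known_secrets:
        if value:
            text = text.replace(value, "[REDACTED]")
    text = PRIVATE_KEY.sub("[REDACTED]", text)
    text = TOKEN_SHAPE.sub("[REDACTED]", text)
    return KEY_VALUE.sub(lambda m: m.group(1) + "[REDACTED]", text)

def split_message(text: str, limit: int = TELEGRAM_LIMIT) -> list:
    """Split on line boundaries so no chunk exceeds the limit."""
    chunks, current = [], ""
    for line in text.splitlines(keepends=True):
        while len(line) > limit:          # one over-long line: hard split
            if current:
                chunks.append(current)
                current = ""
            chunks.append(line[:limit])
            line = line[limit:]
        if len(current) + len(line) > limit:
            chunks.append(current)
            current = ""
        current += line
    if current:
        chunks.append(current)
    return chunks

def prepare_outgoing(text: str, known_secrets: tuple = ()) -> list:
    """Redact before splitting so a secret cannot straddle two chunks."""
    return split_message(redact(text, known_secrets))

# Constructed sample: a report that accidentally includes an env dump.
SAMPLE_TOKEN = "123456789:" + "A" * 35    # made up, not a real token
SAMPLE_REPORT = ("*SECURITY REPORT*\n"
                 f"env: TELEGRAM_BOT_TOKEN={SAMPLE_TOKEN}\n"
                 "db: DB_PASSWORD=hunter2\n" + "finding: config perms\n" * 300)

if __name__ == "__main__":
    for i, chunk in enumerate(prepare_outgoing(SAMPLE_REPORT, (SAMPLE_TOKEN,)), 1):
        print(f"chunk {i}: {len(chunk)} chars")
```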
