ClawHub

Telegram Mini App Dev

v1.0.1

Build Telegram Mini Apps without the pain. Includes solutions for safe areas, fullscreen mode, BackButton handlers, sharing with inline mode, position:fixed issues, and React gotchas. Use when building or debugging Telegram Mini Apps, or when encountering issues with WebApp API, safe areas, or sharing.

1· 2.2k·3 current·4 all-time
by@zenith2828
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included files (hooks, components, knowledge base). The referenced APIs (window.Telegram.WebApp, WebApp.shareMessage, bot.savePreparedInlineMessage, R2/CDN, resvg-wasm) are relevant to building Telegram Mini Apps.
Instruction Scope
SKILL.md and code only instruct reading Telegram WebApp state, handling UI issues, preparing inline messages, and server-side image generation patterns. No instructions ask the agent to read unrelated system files, environment variables, or transmit arbitrary data to unknown endpoints.
Install Mechanism
No install spec is provided (instruction-only), so nothing is downloaded or written to disk. References to libraries (e.g., @resvg/resvg-wasm, @telegram-apps/sdk) are typical dependencies for the documented tasks and would be installed by the user if needed.
Credentials
The skill declares no required environment variables or credentials. The documentation correctly separates client-side code from server-side needs (e.g., backend calling bot.savePreparedInlineMessage). No unexpected secret access is requested.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent/system-level privileges or modify other skills' configs. All code is client-side utilities meant to be copy/pasted into projects.
Assessment
This skill appears coherent and safe for its stated purpose: reusable React hooks/components and a knowledge base for Telegram Mini Apps. Before using, ensure you do not copy any server-side bot tokens or other secrets into client code — server-side calls that prepare inline messages must hold bot credentials on the server only. If you implement the suggested server-side image generation (resvg-wasm, R2/CDN), secure those services and credentials appropriately. Review any third-party packages (@telegram-apps/sdk, resvg) you add to your project for supply-chain risk, and verify behavior on actual iOS/Android Telegram clients as recommended in the testing checklist.

Like a lobster shell, security has layers — review code before you run it.

botvk974np8et61j22epsqpndc6tq980c5xwcloudflare-workersvk974np8et61j22epsqpndc6tq980c5xwcomponentsvk9744dpd23xqs085y0e81keeh580cg2zfullscreenvk974np8et61j22epsqpndc6tq980c5xwhooksvk9744dpd23xqs085y0e81keeh580cg2zinline-modevk974np8et61j22epsqpndc6tq980c5xwlatestvk974np8et61j22epsqpndc6tq980c5xwmini-appvk974np8et61j22epsqpndc6tq980c5xwreactvk974np8et61j22epsqpndc6tq980c5xwresvgvk974np8et61j22epsqpndc6tq980c5xwsafe-areavk974np8et61j22epsqpndc6tq980c5xwshare-cardsvk974np8et61j22epsqpndc6tq980c5xwsharingvk974np8et61j22epsqpndc6tq980c5xwtelegramvk974np8et61j22epsqpndc6tq980c5xwtmavk974np8et61j22epsqpndc6tq980c5xwtypescriptvk9744dpd23xqs085y0e81keeh580cg2zwebappsvk974np8et61j22epsqpndc6tq980c5xw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments