v1.0.0

Telegram Login Helper

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:59 PM.

Analysis

This is a coherent Telegram login helper, but it needs review because it reuses or copies personal Telegram session state and retrieves chat data through hardcoded local helpers.

Guidance: Install only if you intentionally want this agent to handle your Telegram personal-account sessions. Confirm the hardcoded namespace and paths belong to you, review any referenced external helper skills first, avoid copying TDLib state unless you understand the account-access implications, and prefer minimal login checks that do not read message history.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
python3 /home/stevewu/.openclaw/workspace/skills/telegram-personal-ops/scripts/tg_personal_ops.py read_chats --limit 5

The skill instructs use of a helper script from another local skill that is not included in this artifact manifest or declared as a dependency, and that helper is used with personal Telegram chat access.

User impact: The user may end up running non-reviewed local code with access to Telegram account data.
Recommendation: Review and declare any required companion skills or helper scripts before installation, and avoid invoking external helpers for personal-account data unless their source and permissions are trusted.

Tool Misuse and Exploitation
Severity: Low, Confidence: High, Status: Note
scripts/login_10_namespaces.sh
namespaces=(tg1 tg2 tg3 tg4 tg5 tg6 tg7 tg8 tg9 tg10) ... tdl login -n "$ns" -T qr

The script batch-processes QR login for ten Telegram personal-account namespaces. It is interactive and purpose-aligned, but it can create multiple persistent account sessions.

User impact: Running the script may prompt QR login for several accounts and leave reusable Telegram sessions on the machine.
Recommendation: Run it manually only for intended accounts, and remove unused namespaces or sessions afterward.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High, Confidence: High, Status: Concern
SKILL.md
Existing reusable namespace: `steve` ... TDLib data directory: `/home/stevewu/.tdl/data` ... Prefer copying the TDLib state of the corresponding namespace

The skill directs reuse and transfer of existing Telegram login/session state. TDLib state functions as personal-account session authority, but the registry declares no primary credential or required config path and the instructions do not clearly bound ownership, approval, secure transfer, or revocation.

User impact: An agent using or copying this state could gain ongoing access to a personal Telegram account under that namespace.
Recommendation: Use only with explicit approval for the specific account and namespace; declare the tdl dependency and .tdl session path; copy only sessions you own through a secure channel; document cleanup and Telegram session revocation steps.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
python3 /home/stevewu/.openclaw/workspace/skills/telegram-personal-ops/scripts/tg_personal_ops.py read_chats --limit 5
python3 /home/stevewu/.openclaw/workspace/skills/telegram-personal-ops/scripts/tg_personal_ops.py read_history --chat 777000 --limit 20

The login helper verifies success by retrieving Telegram chat lists and message history into the agent workflow. The artifacts do not specify user approval, redaction, retention, or limits on how that retrieved content is reused.

User impact: Private chat names or message contents could be exposed to the agent context or logs during a login check.
Recommendation: Prefer minimal authentication checks that do not read message history, and require explicit user approval plus redaction/retention rules before reading Telegram chats.