Back to plugin

Security audit

Telegram Chat Summary

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Telegram summarizer, but setup can change global OpenClaw tool permissions and the plugin handles Telegram sessions/messages on a background schedule.

Install only if you trust this plugin with your Telegram account and chat contents. Before use, inspect the flagged `src/telegram-client.ts` password line, review the OpenClaw config changes made by setup, restrict the tool allowlist/profile where possible, protect `apiHash`, `sessionString`, and bot tokens, and confirm the scheduler and summary destination are exactly what you intend.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/telegram-client.ts:37
Evidence
password: [REDACTED],