Telegram Tools Suite
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: telegram-tools-suite Version: 1.3.3 The Telegram Tools Suite provides powerful automation features including keyword monitoring, group searching, batch joining, and scheduled messaging. While the code is well-documented and includes safeguards such as environment variable gates (ENABLE_HIGH_RISK_OPERATIONS) and rate-limiting logic, it possesses high-risk capabilities that could be used for spam or account hijacking. Specifically, the suite handles highly sensitive Telegram session files and API credentials, and it includes logic in `session_runtime.py` to duplicate session databases to bypass SQLite locks. Although no evidence of intentional data exfiltration or malicious backdoors was found, the inherent risk of automated mass-actions and the handling of session tokens in `join/runtime.py` and `send/runtime.py` justify a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the generated session file or credentials could potentially access the Telegram account, so these files and values must be protected.
The skill requires Telegram API credentials, phone login, and creates persistent Telegram session files. This is expected for a Telegram client automation tool, but it gives the skill access to the user's Telegram account.
requiredEnv: TELEGRAM_API_ID ... TELEGRAM_API_HASH(高敏感) ... TELEGRAM_PHONE ... 运行时会在`userdata/`目录生成`*.session`会话文件(包含Telegram登录认证状态)
Use a dedicated/test Telegram account, do not share .env or .session files, and run only from a trusted local copy.
Incorrect targets or messages could join unwanted groups, send unwanted messages, or trigger Telegram anti-spam restrictions.
The skill exposes high-impact Telegram actions such as batch joining groups and scheduled group messaging. The actions are disclosed and gated by an explicit environment variable, but they can still affect the user's account reputation and public/group interactions.
`ENABLE_HIGH_RISK_OPERATIONS=true python3 -m tg_monitor_kit join --once` ... `ENABLE_HIGH_RISK_OPERATIONS=true python3 -m tg_monitor_kit send-schedule`
Only enable high-risk commands for reviewed target lists/messages, keep conservative send/join limits, and avoid using a primary Telegram account.
A task left running may continue monitoring Telegram activity or sending scheduled messages until stopped.
The skill includes long-running tasks. This is disclosed and fits the monitoring/search/scheduling purpose, but users need to manage process lifetime themselves.
`monitor`(群监控)、`search`(群搜索)、`join`(批量加群定时模式)均为长时间运行的长驻任务,启动后会持续在后台运行直至手动终止。
Run long-lived commands in a visible terminal when possible, stop them with Ctrl+C or by ending the Python process, and verify no stale process remains.
Local output files may reveal group memberships, group IDs, monitored message hits, or search results to anyone with access to the machine.
The skill stores a local cache of joined Telegram groups/channels. Other code also exports monitoring/search results to local files, which is expected for the tool but can leave sensitive Telegram metadata and message-derived data on disk.
return os.path.join(cfg.project_root, "userdata", "my_telegram_groups.json") ... json.dump(groups, f, ensure_ascii=False, indent=2)
Keep the project directory private, avoid committing userdata/output files, and delete local caches/exports when no longer needed.
Dependency behavior could change across installs if upstream packages release new versions.
The install path uses normal Python dependencies with lower-bound version ranges rather than pinned versions. This is common and purpose-aligned, but it means future installs may resolve to newer dependency versions.
dependencies = [ "telethon>=1.34.0", "openpyxl>=3.1.0", "python-dotenv>=1.0.0" ]
Install in a virtual environment and consider pinning dependency versions or using a lockfile for repeatable deployments.