Openclaw Telegram Setup
Security checks across malware telemetry and agentic risk
Overview
This instruction-only skill is coherent for setting up Telegram with OpenClaw, but users should handle the Telegram bot token and chat/webhook routing carefully.
This appears safe to use as a manual setup guide. Before installing or following it, keep the Telegram bot token private, restrict allowedChatIds to trusted users or groups, and be cautious with webhook exposure or remote setup help.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who obtains the bot token could control or misuse the Telegram bot, so careless sharing or logging of the token could affect the user’s chats.
The setup requires a Telegram bot token and stores it in the OpenClaw configuration. This is expected for a Telegram bot integration, but the registry metadata does not declare a primary credential.
保存返回的 **Token**(格式:`123456789:ABCdefGHI...`) ... botToken: "123456789:ABCdefGHI..."
Store the bot token securely, avoid sharing screenshots or URLs containing it, use allowedChatIds to restrict who can interact with the bot, and rotate the token in BotFather if it is exposed.
Messages sent to the bot, including group messages if enabled, may be processed by the local gateway and downstream AI services.
The instructions route Telegram personal or group messages through an OpenClaw gateway or webhook. This is the intended function, but it creates a message boundary between Telegram, OpenClaw, and any AI model used behind it.
allowedChatIds: ... 群组支持 ... webhook: url: "https://your-domain.com/telegram/webhook"
Limit allowedChatIds, only add the bot to groups where participants understand it can read messages, use HTTPS for webhook mode, and review the OpenClaw/AI provider privacy settings.