Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Telegram CS Agent

v1.0.1

Deploy and manage a Telegram customer service bot powered by Claude + RAG. Use when setting up a new CS bot, adding knowledge base docs, managing the bot lif...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code, SKILL.md, and included dependencies match the stated purpose: it uses Anthropic, Telethon (user account), ChromaDB and embeddings to provide a RAG-powered Telegram CS agent. However the registry metadata claims 'Required env vars: none' while the SKILL.md and code clearly require ANTHROPIC_API_KEY, TELEGRAM_API_ID, TELEGRAM_API_HASH, and related settings — an inconsistency you should verify with the publisher.
Instruction Scope
Runtime instructions and code stay within the described scope: they load local markdown docs, embed them, query Anthropic, and relay replies via Telethon. Important operational behaviors are explicit but significant: this is a Telethon userbot (not the Bot API), it will prompt for a phone number/2FA during interactive login, and it stores a persistent Telethon session under ~/.tgctl-telethon. The skill sends user messages to Anthropic (the intended LLM) and not to any other network endpoints.
Install Mechanism
No packaged install spec; SKILL.md instructs pip installing standard packages (anthropic, chromadb, sentence-transformers, telethon, python-dotenv). There are no external download URLs or obfuscated installers. The requirements are proportional to the functionality (embedding models will be downloaded by sentence-transformers at runtime).
Credentials
The environment/credentials required by the code (Anthropic API key, Telegram API ID/HASH, optional HANDOFF_CHAT_ID) are appropriate for this skill, but the registry metadata omitted declaring them. Also note the skill will prompt for and store your Telegram account session (phone number + potential 2FA) — handing a user account session to the code grants broader permissions than a bot-token-based integration.
Persistence & Privilege
The skill does not request elevated platform privilege (always:false). It does create persistent artifacts: Telethon session files under ~/.tgctl-telethon and a local ChromaDB collection (vector DB). These are normal for this use case but mean data (session, vectorized docs) is stored on disk and should be managed/isolated if you have security/privacy concerns.
What to consider before installing
This package appears to implement a Telethon-based Telegram userbot that calls Anthropic and stores a local ChromaDB vector store — that's consistent with a RAG customer-service bot. Before installing:

- Confirm the registry metadata mismatch: the skill requires ANTHROPIC_API_KEY and TELEGRAM_API_ID/TELEGRAM_API_HASH (and will prompt for your phone/2FA); the registry listing incorrectly shows no required env vars.
- Understand 'userbot' vs 'bot': this uses a user account (Telethon) and will create a persistent session at ~/.tgctl-telethon. A user account may access more chats and actions than a Bot API token. Only use an account you trust to attach to this code.
- Run in an isolated environment (dedicated account or VM/container) and review the .env you create; Anthropic use incurs costs tied to your API key.
- Review and control what markdown/docs you load: docs are vectorized and stored locally in ChromaDB; do not load sensitive data unless you accept local persistence.
- If you need a less privileged integration, consider adapting the code to use a bot token (Bot API) instead of a user session, or require an organization review of the skill before deployment.

If you want, I can list the exact lines that read env vars or file paths the skill will create, and where sensitive data will be stored.

