Telegram Premium Features
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: telegram-premium-features Version: 2.0.0 The bundle is a comprehensive implementation guide for building subscription and monetization systems in Telegram-compatible backends. It contains standard SQL schemas and Go code snippets for membership management, Stripe payment integration, and feature gating. No malicious behaviors, data exfiltration, or harmful prompt injection attempts were found; the content is purely educational and functional for its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied into production without safeguards, customers could be charged automatically without enough consent, notice, or review.
The guide includes an automatic renewal flow that would charge subscriptions when implemented. This is aligned with the monetization purpose, but it is a high-impact action.
if sub.AutoRenew { ... err := s.chargeSubscription(ctx, sub) ... }Require explicit opt-in for auto-renewal, send clear notices, log all charge attempts, handle errors carefully, and provide cancellation and dispute paths.
Payment gateway credentials used with this design could create charges or issue refunds if over-scoped or mishandled.
The payment gateway interface describes charge, webhook verification, and refund authority. These are expected for a payment integration guide, but they imply privileged payment-provider access in a real implementation.
CreateCharge(amount float64, currency string) ... VerifyWebhook(payload []byte, signature string) ... Refund(chargeID string, amount float64)
Use least-privilege payment credentials, keep secrets outside code, verify webhooks, restrict refund permissions, and monitor privileged payment actions.
A production version could collect and reuse user behavior data in ways that affect pricing, targeting, or account decisions.
The analytics examples use persistent per-user behavioral metrics for engagement and churn prediction. This is purpose-aligned, but it involves sensitive user activity data.
metrics.MessagesPerDay = a.getMessageCount(ctx, userID, 24*time.Hour) ... metrics.FeaturesUsed = a.getFeatureUsage(ctx, userID) ... metrics.StorageGrowth = a.getStorageGrowth(ctx, userID)
Minimize collected analytics, define retention limits, restrict internal access, document user-facing privacy terms, and validate analytics data before using it for automated decisions.