Code Plugin · Executes code · source-linked

Telegram Tools

marxbiotech-telegram-tools

Community code plugin. Review compatibility and verification before install.
marxbiotech-telegram-tools · runtime id marxbiotech-telegram-tools
Install
openclaw plugins install clawhub:marxbiotech-telegram-tools
Latest Release
Version 1.0.0
Compatibility
{
  "builtWithOpenClawVersion": "2026.3.23",
  "pluginApiRange": ">=1.0.0"
}
Capabilities
{
  "bundledSkills": [],
  "capabilityTags": [
    "executes-code"
  ],
  "channels": [],
  "commandNames": [],
  "configSchema": true,
  "configUiHints": false,
  "executesCode": true,
  "hooks": [],
  "httpRouteCount": 0,
  "materializesDependencies": false,
  "providers": [],
  "runtimeId": "marxbiotech-telegram-tools",
  "serviceNames": [],
  "setupEntry": false,
  "toolNames": []
}
Security Scan
VirusTotal
Pending
OpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is a Telegram management plugin and its code implements webhook, pairing, group, and mention operations (coherent). However, it relies on environment variables (TELEGRAM_BOT_TOKEN, WORKER_URL, TELEGRAM_WEBHOOK_SECRET) and reads/writes an OpenClaw credentials directory, yet the registry metadata declared no required environment variables or credentials. That mismatch (undeclared but required secrets/paths) is a coherence problem.
!
Instruction Scope
The runtime code tells the agent to call the Telegram API and to run openclaw CLI commands (openclaw config set/unset). It also reads/writes files under the OpenClaw credentials directory and uses process.env values. Additionally the code contains a large BOT_TO_BOT_MENTION_PROMPT string with system-style instructions for appending a <conversation-state> block to replies — effectively a prompt that could influence agent behavior. The instructions access local config and secrets and include content that looks like a system-prompt override, which expands scope beyond simple Telegram config management.
Install Mechanism
There is no install spec; this is instruction/code-only and nothing is fetched from arbitrary external URLs. No additional packages or downloads are executed at install time.
!
Credentials
The code reads TELEGRAM_BOT_TOKEN, WORKER_URL, TELEGRAM_WEBHOOK_SECRET and uses OPENCLAW_HOME or ~/.openclaw for credential storage, but the skill metadata lists no required env vars or primary credential. Requesting access to local credential directories and multiple environment secrets is proportionate for a Telegram webhook manager but it should be declared up front; omission is a red flag. The BOT_TO_BOT_MENTION_PROMPT embedded in code is another unexpected secret-like artifact (it attempts to influence agent output).
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The plugin reads/writes its own config keys via openclaw config and creates pairing files under its own OpenClaw config area; it does not request permanent 'always' inclusion or attempt to modify other skills' configs in the visible code.
Scan Findings in Context
[system-prompt-override] unexpected: The code includes BOT_TO_BOT_MENTION_PROMPT: a multi-line string instructing the assistant to append a <conversation-state> block and follow strict rules. Embedding such assistant/system-style instructions inside a plugin is unexpected for a Telegram management tool and may alter the agent's reply behavior; this matches the scanner's system-prompt-override pattern.
What to consider before installing
This plugin mostly does what its name says (manage Telegram webhook, pairing, groups, mentions), but there are important inconsistencies you should address before installing:
1) The code expects TELEGRAM_BOT_TOKEN, WORKER_URL, and TELEGRAM_WEBHOOK_SECRET environment variables and reads/writes your OpenClaw credentials directory (~/.openclaw), but the skill metadata does not declare any required credentials; treat that as a red flag.
2) The plugin embeds a large assistant-style prompt (BOT_TO_BOT_MENTION_PROMPT) that could influence agent responses; ask the author why this is embedded and how it's used.
3) The plugin runs the 'openclaw config' CLI and writes local JSON pairing files; ensure you trust the source and that the agent runs in a least-privilege/sandboxed environment.
Recommended actions: ask the author to declare required env vars and document storage paths; review the full index.ts (you have it) or run the plugin in an isolated test agent with no sensitive credentials; only provide the Telegram token and webhook secret to agents you trust, and monitor what config keys the plugin writes (channels.telegram.*). If you need higher assurance, ask for removal or explanation of the embedded prompt text and for explicit metadata declaring the needed environment variables.
index.ts:28
Environment variable access combined with network send.
!
index.ts:1
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Verification
{
  "hasProvenance": false,
  "scanStatus": "pending",
  "scope": "artifact-only",
  "sourceCommit": "172ec47851ae8a6516032204dce3182fc800e077",
  "sourceRepo": "marxbiotech/moltbot-app",
  "sourceTag": "172ec47851ae8a6516032204dce3182fc800e077",
  "summary": "Validated package structure and linked the release to source metadata.",
  "tier": "source-linked"
}
Tags
{
  "latest": "1.0.0"
}