Plugin v1.2.0

ClawScan security

Telegram Ui · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 8, 2026, 5:49 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The plugin's code, docs, and runtime instructions are coherent: it only needs a Telegram bot token/chat id and performs the UI actions (buttons, reactions, pin/unpin, location, dice) it describes; there are no unrelated secrets or external endpoints beyond the Telegram Bot API.
Guidance
This plugin appears to do what it says: it will use your Telegram bot token/chat id (auto-detected if you have a Telegram channel configured) to send messages, inline buttons, reactions, pins/unpins, locations, and dice. Before installing: (1) confirm the bot token you plan to use and that the bot has required permissions (ability to send messages, pin messages, and — for reactions — Bot API ≥ 7.0), (2) be aware that certain user prompts (per SKILL.md) will cause the agent to run a full self-test sequence that performs multiple actions in your chat, and (3) if you want to audit the behavior, the plugin source is present in the package (no hidden network endpoints). If you don't want background activity, do not enable the plugin or disable it in your OpenClaw config.

Review Dimensions

Purpose & Capability
ok: Name/description match the code and manifest: the package implements Telegram Bot API calls (sendMessage, editMessageText, sendLocation, sendDice, setMessageReaction, pin/unpin). It expects a bot token and chat id (auto-detected from OpenClaw channels or TELEGRAM_* env vars), which are exactly what this capability legitimately needs.
Instruction Scope
note: SKILL.md and the runtime code are scoped to Telegram actions only. The agent will suppress original messages containing tags and send Telegram-native UI actions instead. Note: the SKILL.md defines a 'quick test routine' that tells an agent to exercise every capability when it sees certain trigger phrases. That behavior is expected for testing but worth being aware of (it will cause the bot to take multiple actions if triggered).
Install Mechanism
note: Registry shows no custom install script (low risk). The repo includes source files and a package.json (dev deps only). There are no downloads from untrusted hosts or extract/install steps in the manifest; installation happens via the OpenClaw plugin mechanism (openclaw plugin add), which is the expected flow.
Credentials
ok: The plugin requires only a Telegram bot token and chat id (optional; auto-resolves from channels.telegram or TELEGRAM_BOT_TOKEN / TELEGRAM_CHAT_ID). No other credentials, config paths, or unrelated environment variables are requested or accessed.
Persistence & Privilege
ok: always:false (not force-included). The plugin registers a background cleanup service and a /uistatus command and keeps prompts in an in-memory store with a TTL — no persistent system-wide changes or modifications to other skills' configs. It can be invoked autonomously (platform default), which, combined with the lack of unrelated credentials, is not a concern here.