clvv

TG Canvas Mini App

by Wei Dai · GitHub ↗ · v0.2.6
cross-platform ⚠ suspicious
956
Downloads
0
Stars
3
Active Installs
13
Versions
Install in OpenClaw
/install openclaw-tg-canvas
Description
Telegram Mini App Canvas with terminal and optional Control UI proxy. Renders agent-generated content (HTML, markdown, A2UI) in a Telegram Mini App; push wit...
Usage Guidance
This skill appears to do exactly what it says, but it exposes high privileges that you must manage carefully. Before installing:
- Treat the terminal feature as if you were installing remote shell access: only put trusted Telegram user IDs into ALLOWED_USER_IDS. If you don't need the terminal, do not enable it (note: the UI feature is compiled in, but access still requires Telegram auth). Consider disabling or removing the PTY code if you want to eliminate this risk entirely.
- Always set a strong PUSH_TOKEN and keep BOT_TOKEN and JWT_SECRET secret. The server refuses to start without PUSH_TOKEN; verify it is present and random (e.g. openssl rand -hex 32).
- Understand cloudflared behavior: tunnel traffic appears as localhost, so IP loopback checks are ineffective. The code author is aware and enforces PUSH_TOKEN, but misconfiguration could expose /push or /clear. Test endpoints from outside before trusting them.
- If you enable the OpenClaw proxy (ENABLE_OPENCLAW_PROXY=true), be careful with OPENCLAW_GATEWAY_TOKEN; only set it if necessary and ensure the proxied origin is added to the gateway's allowedOrigins.
- Review server.js and the startup scripts yourself (they're included) to confirm they match your operational expectations (especially JWT lifetime, token verification, and that the server does not read unexpected local credential files in your deployment setup).
- Run the service in an isolated environment (or behind an authenticated reverse proxy / domain + TLS) for initial testing, and routinely update node-pty/ws dependencies for security patches.
If you want, I can point to the exact lines where the PTY is spawned and where PUSH_TOKEN is enforced so you can audit them directly.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-tg-canvas
Version: 0.2.6
The skill is classified as suspicious primarily due to a critical Cross-Site Scripting (XSS) vulnerability in `miniapp/app.js`. The client-side code directly injects agent-provided HTML content using `innerHTML` and explicitly re-executes `<script>` tags without sanitization, allowing a malicious agent to execute arbitrary JavaScript within the Mini App. While the skill transparently discloses high-privilege features like a JWT-gated server-side terminal (shell access) and an optional OpenClaw Control UI proxy, and implements robust authentication and `PUSH_TOKEN` enforcement to mitigate `cloudflared` loopback bypass, the XSS vulnerability is a significant flaw that enables attacks against Mini App users, classifying it as suspicious rather than benign or malicious.
Capability Assessment
Purpose & Capability
Name/description align with required binaries (node, cloudflared) and the code (HTTP/WebSocket server, miniapp, node-pty). Required env vars (BOT_TOKEN, ALLOWED_USER_IDS, JWT_SECRET, MINIAPP_URL, PUSH_TOKEN) are all justifiable: BOT_TOKEN and ALLOWED_USER_IDS for Telegram auth, JWT_SECRET for session JWTs, PUSH_TOKEN to protect loopback-only push endpoints when a tunnel is used, and MINIAPP_URL for bot setup. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md and README clearly document the server endpoints, the JWT-auth flow, and that the terminal opens a server-side PTY. The provided scripts (setup-bot.js, start.sh) read a local .env when used for setup, but server.js itself does not auto-load local credential files; this matches the SKILL.md FAQ. The instructions appropriately call out cloudflared loopback behavior and require PUSH_TOKEN. Because the terminal spawns a shell, the runtime instructions grant a high-privilege capability that must be intentionally enabled and tightly access-controlled (ALLOWED_USER_IDS).
Install Mechanism
There is no remote download or extract in the registry metadata; package.json lists minimal Node deps (node-pty, ws). SKILL.md recommends npm install which matches package.json. Requiring cloudflared as a binary is appropriate for the documented Cloudflare tunnel usage. No suspicious remote install URLs or archives are present.
Credentials
Requested environment variables are proportionate to the stated functionality. PUSH_TOKEN is explicitly required and enforced at startup (the server exits if missing) — this is appropriate given the cloudflared loopback bypass. MINIAPP_URL is primarily needed for bot setup (setup-bot.js), which explains its inclusion. The optional OPENCLAW_GATEWAY_TOKEN is only required if the proxy is enabled; that is explained in docs. No unrelated secrets or excessive env requirements were found.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. However, the in-scope capability to spawn a server-side PTY (bash) is a real and significant privilege — anyone granted access via Telegram initData (and who is in ALLOWED_USER_IDS) can execute shell commands as the process user. This is expected behavior for the feature but poses operational risk if ALLOWED_USER_IDS, PUSH_TOKEN, BOT_TOKEN, or JWT_SECRET are mismanaged.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-tg-canvas
  3. After installation, invoke the skill by name or use /openclaw-tg-canvas
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.6
Fix skill name on clawhub registry
v0.2.5
Remove all stale ~/.openclaw/openclaw.json references from docs; consolidate config table; proxy off by default confirmed in all files.
v0.2.4
Fix stale openclaw.json comment in server.js; add Security FAQ to SKILL.md with direct answers: no file reads, proxy off by default, terminal auth documented.
v0.2.3
Docs: explicitly declare terminal (high-privilege PTY/bash) and Control UI proxy capabilities. Fix README contradictions about proxy default and credential file access.
v0.2.2
Security: remove implicit ~/.openclaw/openclaw.json credential read; OPENCLAW_GATEWAY_TOKEN must be set explicitly. ENABLE_OPENCLAW_PROXY defaults to false.
v0.2.1
Security: ENABLE_OPENCLAW_PROXY defaults to false; file access gated behind explicit opt-in. Terminal mode (xterm.js+node-pty), mobile key toolbar, dynamic font size.
v0.2.0
feat: terminal mode — xterm.js v5.3.0 + node-pty. tg-canvas terminal activates a full bash PTY in the Mini App; tg-canvas clear exits. JWT-auth gated, PTY killed on disconnect.
v1.0.7
Security hardening: auth-gated /oc control proxy, ws fixes, and docs updates
v0.1.4
Security fix: require PUSH_TOKEN; fix cloudflared loopback bypass. The loopback-only IP check is bypassed when cloudflared is in use (tunnel traffic appears as 127.0.0.1). PUSH_TOKEN was optional — now required at startup. /clear endpoint also now enforces PUSH_TOKEN (previously had no token check at all).
v0.1.3
Security: add server kind metadata, endpoint exposure table, explicit loopback enforcement docs, PUSH_TOKEN recommendation
v0.1.2
Cross-link GitHub and ClawHub in README and SKILL.md
v0.1.1
- Added key environment variables (BOT_TOKEN, ALLOWED_USER_IDS, JWT_SECRET, MINIAPP_URL) to the skill metadata for improved clarity and installation requirements.
- No functional code changes; documentation and metadata update only.
v0.1.0
Initial release of tg-canvas: Telegram Mini App Canvas
- Renders agent-generated HTML or markdown securely in a Telegram Mini App.
- Authenticates users with Telegram `initData` and restricts access by user ID.
- Supports content updates via both a CLI (`tg-canvas push`) and a local HTTP API endpoint.
- Protects push endpoint with loopback-only access and optional shared token.
- Provides convenience commands to push, clear, and check server health.
- Easy setup instructions for Node.js, cloudflared, and Telegram bot integration.
Metadata
Slug openclaw-tg-canvas
Version 0.2.6
License
All-time Installs 3
Active Installs 3
Total Versions 13
Frequently Asked Questions

What is TG Canvas Mini App?

Telegram Mini App Canvas with terminal and optional Control UI proxy. Renders agent-generated content (HTML, markdown, A2UI) in a Telegram Mini App; push wit... It is an AI Agent Skill for Claude Code / OpenClaw, with 956 downloads so far.

How do I install TG Canvas Mini App?

Run "/install openclaw-tg-canvas" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is TG Canvas Mini App free?

Yes, TG Canvas Mini App is completely free (open-source). You can download, install and use it at no cost.

Which platforms does TG Canvas Mini App support?

TG Canvas Mini App is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created TG Canvas Mini App?

It is built and maintained by Wei Dai (@clvv); the current version is v0.2.6.
