← Back to Skills Marketplace
vt-mmm

Telegram Contract Ops

by Vĩnh Tâm · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
261
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install telegram-contract-ops
Description
Automate Vietnamese contract creation and eID intake via Telegram by parsing inputs, OCRing ID images, generating .docx contracts, and routing workflows by g...
Usage Guidance
This skill appears to do what it says (Telegram bot + OCR + docx generation), but there are important inconsistencies to resolve before installing: - The package metadata lists no required env vars or binaries, yet the code requires TELEGRAM_BOT_TOKEN, TELEGRAM_CONTRACT_CHAT_ID, TELEGRAM_MANAGEMENT_CHAT_ID, PLAN_B_OUTPUT_DIR, PLAN_B_TEMPLATE_DOCX and depends on node, python3, and (for OCR) swift/Apple Vision. Treat those as required secrets/runtimes. - Review all scripts locally before running. Pay attention to: execFileSync/child_process calls (the code runs python and swift), file write paths (.state/, plan-b/output, temp .ocr.json), and the Telegram usage (it calls Telegram API directly). These are expected, but verify paths and token usage. - Fix or override hard-coded defaults before deployment: the Python generator contains defaults pointing at /Users/vtammm/.openclaw/workspace which look like developer-specific paths — change these to appropriate, isolated directories so files aren't written into unexpected home directories. - Limit bot token scope and group membership. Use a dedicated Telegram bot token with minimal privileges, add the bot only to intended groups, rotate the token after setup, and store tokens in a local, access-controlled .env file (not checked into source control). - Protect PII and artifacts. OCR outputs, ID images, and mapped JSON contain sensitive personal data; run the skill on a machine with disk encryption, set restrictive file permissions on output/state directories, and implement a cleanup/retention policy. - If you need Plan C OCR on non-macOS, the repository warns the Swift/Apple Vision OCR is macOS-only. Replace or audit any alternate OCR engine before enabling it. If you trust the author and will run the skill in a controlled environment after making the above changes (declare required env vars and runtime binaries in your deployment policy, correct default paths, and secure tokens/artifacts), the code itself is consistent with its stated purpose. If you cannot validate or edit the code and environment, avoid installing it on production systems.
Capability Analysis
Type: OpenClaw Skill Name: telegram-contract-ops Version: 1.0.1 The skill bundle provides a functional Telegram bot workflow for generating Vietnamese contracts and performing OCR on electronic IDs. While the scripts utilize potentially sensitive operations such as file system access, image downloading from Telegram, and local command execution via 'execFileSync' (in scripts like telegram-planb-bot.js and plan-b-telegram-to-docx.js), these actions are strictly aligned with the stated purpose of the skill. There is no evidence of data exfiltration, unauthorized remote access, or malicious prompt injection. The use of macOS-specific Swift code (plan-c-ocr.swift) for OCR is a legitimate implementation choice for the described environment.
Capability Assessment
Purpose & Capability
The scripts implement exactly what the description promises (Telegram bot flows, OCR via Apple Vision, parsing eID fields, mapping to a docx generator). That functionality legitimately needs access to Telegram and local runtimes. However the manifest/registry metadata declares no required env vars or binaries even though the code depends on them, which is an incoherence to flag.
Instruction Scope
The SKILL.md describes only the bot, Plan B/Plan C flows, and deployment steps; it instructs the operator to keep tokens and group IDs out of the packaged skill. The runtime instructions and references are scoped to the stated task and do not ask the agent to read unrelated system secrets. (They do, however, instruct operators to create local .env files with sensitive tokens — which is expected for a Telegram bot.)
Install Mechanism
No install spec (instruction-only from registry) is lower risk, and the skill's files are bundled as scripts rather than fetching remote code. That's reasonable. But the code executes local subprocesses (python3, node, swift) without declaring those runtime binaries in the registry, creating a platform/config mismatch that should be fixed.
Credentials
The package metadata lists no required environment variables, yet the bot and scripts clearly require TELEGRAM_BOT_TOKEN, TELEGRAM_CONTRACT_CHAT_ID / TELEGRAM_MANAGEMENT_CHAT_ID, PLAN_B_TEMPLATE_DOCX, PLAN_B_OUTPUT_DIR and rely on runtime PATH entries for node/python3/swift. This omission is a meaningful incoherence: required secrets are used at runtime but not declared, preventing an accurate vetting of the skill's claimed needs.
Persistence & Privilege
The skill stores state and artifacts under the installation working directory (.state/, plan-b/output, temp OCR JSON files). It does not request elevated system privileges or force installation (always:false). The persistent artifacts can contain sensitive PII (ID images, OCR text, mapped JSON), so operators should ensure file permissions and rotation/cleanup policies.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install telegram-contract-ops
  3. After installation, invoke the skill by name or use /telegram-contract-ops
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Add troubleshooting, Windows/macOS docs, Windows env examples, wrappers, and updated deployment guidance
v1.0.0
Initial release: Plan B docx generation, Plan C eID OCR, Telegram bot workflow
Metadata
Slug telegram-contract-ops
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Telegram Contract Ops?

Automate Vietnamese contract creation and eID intake via Telegram by parsing inputs, OCRing ID images, generating .docx contracts, and routing workflows by g... It is an AI Agent Skill for Claude Code / OpenClaw, with 261 downloads so far.

How do I install Telegram Contract Ops?

Run "/install telegram-contract-ops" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Telegram Contract Ops free?

Yes, Telegram Contract Ops is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Telegram Contract Ops support?

Telegram Contract Ops is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Telegram Contract Ops?

It is built and maintained by Vĩnh Tâm (@vt-mmm); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments