← Back to Skills Marketplace
223
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install telegram-file-browser
Description
Build or improve Telegram inline-button file browsers and menu-style navigators. Use when creating Telegram chat UIs for browsing directories, paging lists,...
Usage Guidance
This skill appears to do exactly what it says: run local Python scripts to present a Telegram-style inline-button file browser rooted in your workspace. Before installing or enabling it for autonomous use, consider: 1) Review the included scripts yourself (they are bundled and readable) to confirm no sensitive paths outside your intended root will be accessed. 2) If you want to limit exposure, change the default root from ~/.openclaw/workspace to a restricted directory or require an explicit root argument. 3) Confirm the agent's message tool behavior and access policy (who can receive sent files). 4) If you do not want the agent to be able to send files automatically, restrict autonomous invocation or require user confirmation before sending attachments. 5) Run the skill in a sandboxed environment if you are concerned about exposing local data. Overall the code contains reasonable path checks and payload validation, and there are no unexplained network endpoints or secret requirements.
Capability Analysis
Type: OpenClaw Skill
Name: telegram-file-browser
Version: 0.1.1
The telegram-file-browser skill is a well-architected tool for navigating directories and managing files via a Telegram interface. It includes proactive security measures such as path normalization and root-jail validation (is_within_root) in build_view.py to prevent directory traversal attacks. Furthermore, it uses opaque identifiers for button callbacks in resolve_callback.py to ensure sensitive file paths are not exposed in the Telegram communication layer, and the bundled scripts use safe subprocess execution patterns.
Capability Assessment
Purpose & Capability
The name/description (Telegram inline-button file browser) matches the included scripts: listing directories, building button layouts, validating callbacks, previewing files, and returning send/send-file plans. The default root (~/.openclaw/workspace) and state path are consistent with a local workspace browser. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
SKILL.md explicitly instructs the agent to run the included Python scripts via the exec tool and to pass the returned message-tool payloads unchanged to the message tool. The scripts legitimately read the local filesystem (list, preview, and send files) and persist state under the runtime state path. This is in-scope for a file browser, but note the agent will execute project code and read files under the configured workspace; the skill's behavior is not limited to describing UI flows but to actually reading file contents and returning them (or paths) to the messaging tool.
Install Mechanism
There is no install spec (instruction-only skill with bundled scripts). Nothing is downloaded from the network or installed automatically. The scripts live in the skill bundle and are executed via exec; that is the lowest-risk install mechanism in this model.
Credentials
The skill declares no required env vars, credentials, or external service keys. All file and config access is to paths under the user's home/workspace, which is proportional to a local file-browser capability. The code also contains path checks (is_within_root) and validation preventing raw paths in callback_data, which reduces accidental leakage via callbacks.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It persists state under ~/.openclaw/workspace/.openclaw/telegram-file-browser/state.json and may update that file (expected). One caution: because the skill can read and send files from the workspace (including previews and attachments), an autonomously-invoking agent with permission to call the message tool could exfiltrate workspace files—this is coherent with its purpose but is a potential data-exposure vector you should consider.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install telegram-file-browser - After installation, invoke the skill by name or use
/telegram-file-browser - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Polish Telegram inline-button file browser workflow, validation, and dispatcher-based sending.
v0.1.0
Initial public release: cleaned runtime state, removed hardcoded paths, fixed callback handling, validated packaging.
Metadata
Frequently Asked Questions
What is Telegram File Browser?
Build or improve Telegram inline-button file browsers and menu-style navigators. Use when creating Telegram chat UIs for browsing directories, paging lists,... It is an AI Agent Skill for Claude Code / OpenClaw, with 223 downloads so far.
How do I install Telegram File Browser?
Run "/install telegram-file-browser" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Telegram File Browser free?
Yes, Telegram File Browser is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Telegram File Browser support?
Telegram File Browser is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Telegram File Browser?
It is built and maintained by Just-CJ (@just-cj); the current version is v0.1.1.
More Skills