← Back to Skills Marketplace
Session Context Injector
by
Nissan Dookeran
· GitHub ↗
· v1.0.0
· MIT-0
90
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install session-context-injector
Description
Reorient a Telegram chat after a session reset. Reads a project's STATUS.md (resume point, blockers, next action) and sends a project-specific context inject...
Usage Guidance
Before installing or enabling: 1) Confirm how the skill obtains the bot token — metadata lists TELEGRAM_BOT_TOKEN but SKILL.md shows an `op read` (1Password) step; clarify which method will be used and update metadata. 2) Verify PROJECTS_DIR and the locations of sessions.json / memory/telegram-groups.json — these filesystem reads are not declared and may expose project content; ensure the agent runs in a workspace you trust. 3) Review the Telegram bot's scope and which chats the bot can message (the skill contains a hard-coded special-case chat_id for Nissan). Limit the bot token permissions and rotate it if you enable the skill. 4) Ask the publisher to remove or explain hard-coded IDs, and to declare any CLI tools (e.g., 1Password CLI) needed at runtime. 5) Test in dry-run mode or a sandboxed environment first to ensure messages, truncation, and HTML formatting behave as expected and that no unintended data is leaked. If you cannot get answers to the above, treat the inconsistencies as a risk and do not grant the bot token or filesystem access.
Capability Analysis
Type: OpenClaw Skill
Name: session-context-injector
Version: 1.0.0
The skill is designed to read local project status files and exfiltrate their content to the Telegram Bot API (api.telegram.org) to provide context to chat sessions. While this aligns with the stated purpose, it utilizes high-risk capabilities including outbound network access and local file system reads. Specific indicators include the use of a hardcoded Telegram user ID ('821071206') for specialized reporting and a potential path traversal vulnerability in the 'parse_status' function within SKILL.md, where the 'slug' parameter is used to construct file paths without explicit sanitization.
Capability Assessment
Purpose & Capability
Name/description align with sending project context into Telegram. Required items declared (python3, TELEGRAM_BOT_TOKEN) are reasonable for that purpose. However, the SKILL.md expects other inputs (bot_token via op read, PROJECTS_DIR, memory files like sessions.json/telegram-groups.json) that are not declared in the registry metadata, which is an incoherence.
Instruction Scope
Instructions tell the agent to read local project files (projects/<slug>/STATUS.md), agent memory files (sessions.json, memory/telegram-groups.json), and to retrieve credentials via `op read`. None of these file paths or the use of the 1Password CLI are declared in the skill metadata. The skill will also transmit project STATUS content to external endpoints (api.telegram.org) — expected for the purpose, but you should confirm that sending potentially sensitive project content to Telegram chats is acceptable and limited to intended chat IDs.
Install Mechanism
No install spec and no included code files — instruction-only skill. Low disk/installation risk because nothing is downloaded or written by the skill bundle itself.
Credentials
Metadata declares a single credential (TELEGRAM_BOT_TOKEN), which is appropriate, but the SKILL.md also documents fetching `bot_token` with `op read "op://OpenClaw/Telegram Bot Token/credential"` (1Password) and references PROJECTS_DIR and agent memory files. The additional secret-retrieval and filesystem access are not reflected in requires.env or required config paths, creating a mismatch and potential surprise access to secrets or local files.
Persistence & Privilege
always is false (good). The skill can be autonomously invoked by the agent (default), which combined with an available bot token means it could send messages without manual approval. Autonomous invocation alone is normal, but because the skill posts externally and reads local project state, you should be aware of this behavior.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install session-context-injector - After installation, invoke the skill by name or use
/session-context-injector - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
session-context-injector v1.0.0 — Initial release
- Introduces project-aware Telegram chat reorientation after session reset, room creation, or collaborator join
- Reads STATUS.md for resume point and blockers, injecting current project context into group chats or DMs
- Sends smart context messages via Telegram Bot API (HTML mode) with tailored variants: group, DM summary, and welcome
- Logs each injection and handles missing/partial data gracefully
- Supports out-of-the-box use with Clawhub playbooks for room/session management
Metadata
Frequently Asked Questions
What is Session Context Injector?
Reorient a Telegram chat after a session reset. Reads a project's STATUS.md (resume point, blockers, next action) and sends a project-specific context inject... It is an AI Agent Skill for Claude Code / OpenClaw, with 90 downloads so far.
How do I install Session Context Injector?
Run "/install session-context-injector" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Session Context Injector free?
Yes, Session Context Injector is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Session Context Injector support?
Session Context Injector is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Session Context Injector?
It is built and maintained by Nissan Dookeran (@nissan); the current version is v1.0.0.
More Skills