← Back to Skills Marketplace
Screenshot Telegram Direct
by
niccoreyes
· GitHub ↗
· v1.0.0
· MIT-0
75
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install screenshot-telegram-direct
Description
Capture website screenshots and send to Telegram via direct API. Works around OpenClaw's broken image delivery (issue
Usage Guidance
Key points before installing: (1) Metadata inconsistency — the registry says no env vars but the script requires TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, and SNAP_API_KEY. Treat that as a red flag and verify with the author. (2) The script sends the SNAP_API_KEY and the target URL to snap.llm.kaveenk.com; confirm you trust that third party (or run your own screenshot service). (3) Avoid automatically sourcing .env from ~/.bashrc unless you understand the risk of exposing tokens to all shells; prefer sourcing manually per session or using a constrained wrapper. (4) Keep .env out of version control, rotate tokens after testing, and test with a throwaway bot/chat and a non-sensitive URL. (5) If you need higher assurance, ask the publisher for a homepage or source repository, or replace the external snap endpoint with a known/trusted service or self-hosted screenshot tool.
Capability Analysis
Type: OpenClaw Skill
Name: screenshot-telegram-direct
Version: 1.0.0
The skill captures screenshots via a third-party API (snap.llm.kaveenk.com) and sends them to Telegram, intentionally bypassing OpenClaw's native delivery pipeline. It is classified as suspicious due to a JSON injection vulnerability in screenshot-send.sh, where the URL and CAPTION arguments are not sanitized before being passed to curl. Additionally, SKILL.md provides instructions for users to modify their shell profiles (~/.bashrc) to auto-load environment variables, which is a risky persistence practice for managing secrets.
Capability Assessment
Purpose & Capability
The script and SKILL.md both implement capturing a website via an external screenshot API and posting to Telegram — this matches the advertised purpose. However the registry metadata lists no required environment variables, while both SKILL.md and screenshot-send.sh require three secrets (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, SNAP_API_KEY). That mismatch between declared requirements and actual runtime needs is a material incoherence.
Instruction Scope
Runtime instructions and the script only call the snapshot service (snap.llm.kaveenk.com) and Telegram API (api.telegram.org), and write a temporary file in /tmp which is removed on success. These actions are within the stated purpose. The docs do recommend auto-sourcing a .env from the skill directory into the user's shell profile (~/.bashrc / ~/.zshrc), which broadens scope by making secrets available to every shell session — this is a potentially risky recommendation and should be optional and clearly explained.
Install Mechanism
No install spec; this is an instruction-only skill with a single helper script. Installation is limited to copying .env, making the script executable, and optionally adding a cron entry — nothing is downloaded or written by an automated installer.
Credentials
The skill requires three sensitive environment values (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, SNAP_API_KEY) but the registry metadata advertises none. SNAP_API_KEY is sent to an external domain (snap.llm.kaveenk.com) — trust in that service is required because it will receive the URL and any content necessary to produce screenshots. Recommending global auto-sourcing of .env increases the blast radius if those secrets are compromised.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system settings. The only persistent change the docs suggest is editing a shell profile to auto-load the .env, which is a user action (not automatic) but exposes secrets to all shell sessions if applied.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install screenshot-telegram-direct - After installation, invoke the skill by name or use
/screenshot-telegram-direct - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Screenshot websites and send to Telegram via direct API
Metadata
Frequently Asked Questions
What is Screenshot Telegram Direct?
Capture website screenshots and send to Telegram via direct API. Works around OpenClaw's broken image delivery (issue. It is an AI Agent Skill for Claude Code / OpenClaw, with 75 downloads so far.
How do I install Screenshot Telegram Direct?
Run "/install screenshot-telegram-direct" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Screenshot Telegram Direct free?
Yes, Screenshot Telegram Direct is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Screenshot Telegram Direct support?
Screenshot Telegram Direct is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Screenshot Telegram Direct?
It is built and maintained by niccoreyes (@niccoreyes); the current version is v1.0.0.
More Skills