clvv

TG Canvas Mini App

Author: Wei Dai · GitHub · v0.2.6
cross-platform · ⚠ suspicious
Total downloads: 956
Favorites: 0
Current installs: 3
Versions: 13
Install in OpenClaw
/install openclaw-tg-canvas
Description
Telegram Mini App Canvas with terminal and optional Control UI proxy. Renders agent-generated content (HTML, markdown, A2UI) in a Telegram Mini App; push wit...
Safe Usage Recommendations
This skill appears to do exactly what it says, but it exposes high privileges that you must manage carefully. Before installing:
- Treat the terminal feature as if you were installing remote shell access: only put trusted Telegram user IDs into ALLOWED_USER_IDS. If you don't need the terminal, do not enable it (note: the UI feature is compiled in, but access still requires Telegram auth). Consider disabling or removing the PTY code if you want to eliminate this risk entirely.
- Always set a strong PUSH_TOKEN and keep BOT_TOKEN and JWT_SECRET secret. The server refuses to start without PUSH_TOKEN; verify it is present and random (e.g. openssl rand -hex 32).
- Understand cloudflared behavior: tunnel traffic appears as localhost, so IP loopback checks are ineffective. The code author is aware and enforces PUSH_TOKEN, but misconfiguration could expose /push or /clear. Test endpoints from outside before trusting them.
- If you enable the OpenClaw proxy (ENABLE_OPENCLAW_PROXY=true), be careful with OPENCLAW_GATEWAY_TOKEN; only set it if necessary and ensure the proxied origin is added to the gateway's allowedOrigins.
- Review server.js and the startup scripts yourself (they're included) to confirm they match your operational expectations (especially JWT lifetime, token verification, and that the server does not read unexpected local credential files in your deployment setup).
- Run the service in an isolated environment (or behind an authenticated reverse proxy / domain + TLS) for initial testing, and routinely update the node-pty/ws dependencies for security patches.
If you want, I can point to the exact lines where the PTY is spawned and where PUSH_TOKEN is enforced so you can audit them directly.
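The cloudflared point above is worth seeing in code. The following Node.js snippet is an added illustration, not the skill's own server.js: it models the /push and /clear authorization with a loopback-only source check (which every tunnelled request satisfies) beside a mandatory PUSH_TOKEN check; the `x-push-token` header name and the function names are assumptions.

```javascript
// Added example, not code from openclaw-tg-canvas. Models the /push and
// /clear authorization discussed above: a loopback-only source check is
// defeated behind cloudflared (tunnel traffic is delivered from 127.0.0.1),
// so a PUSH_TOKEN must be checked on every request regardless of source.
// Assumption: the token arrives in an `x-push-token` header (hypothetical name).
const TOKEN_HEADER = 'x-push-token';

// Startup rule from the analysis: refuse to run without a usable PUSH_TOKEN.
function requirePushToken(env) {
  const token = env.PUSH_TOKEN;
  if (!token || token.length < 32) {
    throw new Error('PUSH_TOKEN missing or too short; generate with: openssl rand -hex 32');
  }
  return token;
}

function isLoopback(remoteAddress) {
  return ['127.0.0.1', '::1', '::ffff:127.0.0.1'].includes(remoteAddress);
}

// Constant-time comparison (no early exit on the first differing byte),
// written without node:crypto so it runs under CommonJS or ESM alike.
function tokenMatches(presented, expected) {
  if (typeof presented !== 'string' || typeof expected !== 'string') return false;
  const a = Buffer.from(presented, 'utf8');
  const b = Buffer.from(expected, 'utf8');
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a[i] || 0) ^ (b[i] || 0);
  }
  return diff === 0;
}

// Pre-v0.1.4 policy described in the changelog: a loopback source alone
// is enough. Through cloudflared every request appears local and passes.
function authorizeLoopbackOnly(req) {
  return isLoopback(req.socket.remoteAddress);
}

// Hardened policy: the shared token is required no matter where the
// connection appears to come from.
function authorizePush(req, pushToken) {
  return tokenMatches(req.headers[TOKEN_HEADER], pushToken);
}

// Constructed sample request: arrives via the tunnel, carries no token.
const tunnelledNoToken = { socket: { remoteAddress: '127.0.0.1' }, headers: {} };
```

The sample request passes `authorizeLoopbackOnly` but fails `authorizePush`, which is exactly the gap the v0.1.4 fix closed.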
Functional Analysis
Type: OpenClaw Skill
Name: openclaw-tg-canvas
Version: 0.2.6

The skill is classified as suspicious primarily due to a critical Cross-Site Scripting (XSS) vulnerability in `miniapp/app.js`. The client-side code directly injects agent-provided HTML content using `innerHTML` and explicitly re-executes `<script>` tags without sanitization, allowing a malicious agent to execute arbitrary JavaScript within the Mini App. While the skill transparently discloses high-privilege features like a JWT-gated server-side terminal (shell access) and an optional OpenClaw Control UI proxy, and implements robust authentication and `PUSH_TOKEN` enforcement to mitigate the `cloudflared` loopback bypass, the XSS vulnerability is a significant flaw that enables attacks against Mini App users, classifying it as suspicious rather than benign or malicious.
Capability Assessment
Purpose & Capability
Name/description align with required binaries (node, cloudflared) and the code (HTTP/WebSocket server, miniapp, node-pty). Required env vars (BOT_TOKEN, ALLOWED_USER_IDS, JWT_SECRET, MINIAPP_URL, PUSH_TOKEN) are all justifiable: BOT_TOKEN and ALLOWED_USER_IDS for Telegram auth, JWT_SECRET for session JWTs, PUSH_TOKEN to protect loopback-only push endpoints when a tunnel is used, and MINIAPP_URL for bot setup. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md and README clearly document the server endpoints, the JWT-auth flow, and that the terminal opens a server-side PTY. The provided scripts (setup-bot.js, start.sh) read a local .env when used for setup, but server.js itself does not auto-load local credential files; this matches the SKILL.md FAQ. The instructions appropriately call out cloudflared loopback behavior and require PUSH_TOKEN. Because the terminal spawns a shell, the runtime instructions grant a high-privilege capability that must be intentionally enabled and tightly access-controlled (ALLOWED_USER_IDS).
Install Mechanism
There is no remote download or extract in the registry metadata; package.json lists minimal Node deps (node-pty, ws). SKILL.md recommends npm install which matches package.json. Requiring cloudflared as a binary is appropriate for the documented Cloudflare tunnel usage. No suspicious remote install URLs or archives are present.
Credentials
Requested environment variables are proportionate to the stated functionality. PUSH_TOKEN is explicitly required and enforced at startup (the server exits if missing) — this is appropriate given the cloudflared loopback bypass. MINIAPP_URL is primarily needed for bot setup (setup-bot.js), which explains its inclusion. The optional OPENCLAW_GATEWAY_TOKEN is only required if the proxy is enabled; that is explained in docs. No unrelated secrets or excessive env requirements were found.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. However, the in-scope capability to spawn a server-side PTY (bash) is a real and significant privilege — anyone granted access via Telegram initData (and who is in ALLOWED_USER_IDS) can execute shell commands as the process user. This is expected behavior for the feature but poses operational risk if ALLOWED_USER_IDS, PUSH_TOKEN, BOT_TOKEN, or JWT_SECRET are mismanaged.
How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-tg-canvas
  3. Once installed, call the Skill by name directly or trigger it with /openclaw-tg-canvas
  4. Provide the required inputs according to the Skill's parameter description to receive structured output
Version History
v0.2.6
Fix skill name on clawhub registry
v0.2.5
Remove all stale ~/.openclaw/openclaw.json references from docs; consolidate config table; proxy off by default confirmed in all files.
v0.2.4
Fix stale openclaw.json comment in server.js; add Security FAQ to SKILL.md with direct answers: no file reads, proxy off by default, terminal auth documented.
v0.2.3
Docs: explicitly declare terminal (high-privilege PTY/bash) and Control UI proxy capabilities. Fix README contradictions about proxy default and credential file access.
v0.2.2
Security: remove implicit ~/.openclaw/openclaw.json credential read; OPENCLAW_GATEWAY_TOKEN must be set explicitly. ENABLE_OPENCLAW_PROXY defaults to false.
v0.2.1
Security: ENABLE_OPENCLAW_PROXY defaults to false; file access gated behind explicit opt-in. Terminal mode (xterm.js+node-pty), mobile key toolbar, dynamic font size.
v0.2.0
feat: terminal mode — xterm.js v5.3.0 + node-pty. tg-canvas terminal activates a full bash PTY in the Mini App; tg-canvas clear exits. JWT-auth gated, PTY killed on disconnect.
v1.0.7
Security hardening: auth-gated /oc control proxy, ws fixes, and docs updates
v0.1.4
Security fix: require PUSH_TOKEN; fix cloudflared loopback bypass. The loopback-only IP check is bypassed when cloudflared is in use (tunnel traffic appears as 127.0.0.1). PUSH_TOKEN was optional — now required at startup. /clear endpoint also now enforces PUSH_TOKEN (previously had no token check at all).
v0.1.3
Security: add server kind metadata, endpoint exposure table, explicit loopback enforcement docs, PUSH_TOKEN recommendation
v0.1.2
Cross-link GitHub and ClawHub in README and SKILL.md
v0.1.1
- Added key environment variables (BOT_TOKEN, ALLOWED_USER_IDS, JWT_SECRET, MINIAPP_URL) to the skill metadata for improved clarity and installation requirements.
- No functional code changes; documentation and metadata update only.
v0.1.0
Initial release of tg-canvas: Telegram Mini App Canvas
- Renders agent-generated HTML or markdown securely in a Telegram Mini App.
- Authenticates users with Telegram `initData` and restricts access by user ID.
- Supports content updates via both a CLI (`tg-canvas push`) and a local HTTP API endpoint.
- Protects push endpoint with loopback-only access and optional shared token.
- Provides convenience commands to push, clear, and check server health.
- Easy setup instructions for Node.js, cloudflared, and Telegram bot integration.
Metadata
Slug: openclaw-tg-canvas
Version: 0.2.6
License:
Cumulative installs: 3
Current installs: 3
Versions released: 13
FAQ

What is TG Canvas Mini App?

Telegram Mini App Canvas with terminal and optional Control UI proxy. Renders agent-generated content (HTML, markdown, A2UI) in a Telegram Mini App; push wit... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 956 cumulative downloads to date.

How do I install TG Canvas Mini App?

Run the command "/install openclaw-tg-canvas" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is TG Canvas Mini App free?

Yes, TG Canvas Mini App is completely free (open source) and can be freely downloaded, installed and used.

Which platforms does TG Canvas Mini App support?

TG Canvas Mini App is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed TG Canvas Mini App?

Developed and maintained by Wei Dai (@clvv); current version v0.2.6.
