
Screenshot Telegram Direct

Author: niccoreyes · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 75 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install screenshot-telegram-direct
Description
Capture website screenshots and send to Telegram via direct API. Works around OpenClaw's broken image delivery (issue
Security recommendations
Key points before installing:
  1. Metadata inconsistency: the registry says no env vars but the script requires TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, and SNAP_API_KEY. Treat that as a red flag and verify with the author.
  2. The script sends the SNAP_API_KEY and the target URL to snap.llm.kaveenk.com; confirm you trust that third party (or run your own screenshot service).
  3. Avoid automatically sourcing .env from ~/.bashrc unless you understand the risk of exposing tokens to all shells; prefer sourcing manually per session or using a constrained wrapper.
  4. Keep .env out of version control, rotate tokens after testing, and test with a throwaway bot/chat and a non-sensitive URL.
  5. If you need higher assurance, ask the publisher for a homepage or source repository, or replace the external snap endpoint with a known/trusted service or self-hosted screenshot tool.
Functional analysis
Type: OpenClaw Skill
Name: screenshot-telegram-direct
Version: 1.0.0
The skill captures screenshots via a third-party API (snap.llm.kaveenk.com) and sends them to Telegram, intentionally bypassing OpenClaw's native delivery pipeline. It is classified as suspicious due to a JSON injection vulnerability in screenshot-send.sh, where the URL and CAPTION arguments are not sanitized before being passed to curl. Additionally, SKILL.md provides instructions for users to modify their shell profiles (~/.bashrc) to auto-load environment variables, which is a risky persistence practice for managing secrets.
Capability assessment
Purpose & Capability
The script and SKILL.md both implement capturing a website via an external screenshot API and posting to Telegram — this matches the advertised purpose. However the registry metadata lists no required environment variables, while both SKILL.md and screenshot-send.sh require three secrets (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, SNAP_API_KEY). That mismatch between declared requirements and actual runtime needs is a material incoherence.
Instruction Scope
Runtime instructions and the script only call the snapshot service (snap.llm.kaveenk.com) and Telegram API (api.telegram.org), and write a temporary file in /tmp which is removed on success. These actions are within the stated purpose. The docs do recommend auto-sourcing a .env from the skill directory into the user's shell profile (~/.bashrc / ~/.zshrc), which broadens scope by making secrets available to every shell session — this is a potentially risky recommendation and should be optional and clearly explained.
Install Mechanism
No install spec; this is an instruction-only skill with a single helper script. Installation is limited to copying .env, making the script executable, and optionally adding a cron entry — nothing is downloaded or written by an automated installer.
Credentials
The skill requires three sensitive environment values (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, SNAP_API_KEY) but the registry metadata advertises none. SNAP_API_KEY is sent to an external domain (snap.llm.kaveenk.com) — trust in that service is required because it will receive the URL and any content necessary to produce screenshots. Recommending global auto-sourcing of .env increases the blast radius if those secrets are compromised.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system settings. The only persistent change the docs suggest is editing a shell profile to auto-load the .env, which is a user action (not automatic) but exposes secrets to all shell sessions if applied.
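How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install screenshot-telegram-direct
  3. Once installation completes, invoke the Skill by name or trigger it with /screenshot-telegram-direct
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history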
v1.0.0
Screenshot websites and send to Telegram via direct API
Metadata
Slug screenshot-telegram-direct
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

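What is Screenshot Telegram Direct?

Capture website screenshots and send to Telegram via direct API. Works around OpenClaw's broken image delivery (issue. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 75 total downloads so far.

How do I install Screenshot Telegram Direct?

Run the command "/install screenshot-telegram-direct" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is Screenshot Telegram Direct free?

Yes, Screenshot Telegram Direct is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Screenshot Telegram Direct support?

Screenshot Telegram Direct runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Screenshot Telegram Direct?

It is developed and maintained by niccoreyes (@niccoreyes); the current version is v1.0.0.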
