← 返回 Skills 市场
223
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install telegram-file-browser
功能描述
Build or improve Telegram inline-button file browsers and menu-style navigators. Use when creating Telegram chat UIs for browsing directories, paging lists,...
安全使用建议
This skill appears to do exactly what it says: run local Python scripts to present a Telegram-style inline-button file browser rooted in your workspace. Before installing or enabling it for autonomous use, consider: 1) Review the included scripts yourself (they are bundled and readable) to confirm no sensitive paths outside your intended root will be accessed. 2) If you want to limit exposure, change the default root from ~/.openclaw/workspace to a restricted directory or require an explicit root argument. 3) Confirm the agent's message tool behavior and access policy (who can receive sent files). 4) If you do not want the agent to be able to send files automatically, restrict autonomous invocation or require user confirmation before sending attachments. 5) Run the skill in a sandboxed environment if you are concerned about exposing local data. Overall the code contains reasonable path checks and payload validation, and there are no unexplained network endpoints or secret requirements.
功能分析
Type: OpenClaw Skill
Name: telegram-file-browser
Version: 0.1.1
The telegram-file-browser skill is a well-architected tool for navigating directories and managing files via a Telegram interface. It includes proactive security measures such as path normalization and root-jail validation (is_within_root) in build_view.py to prevent directory traversal attacks. Furthermore, it uses opaque identifiers for button callbacks in resolve_callback.py to ensure sensitive file paths are not exposed in the Telegram communication layer, and the bundled scripts use safe subprocess execution patterns.
能力评估
Purpose & Capability
The name/description (Telegram inline-button file browser) matches the included scripts: listing directories, building button layouts, validating callbacks, previewing files, and returning send/send-file plans. The default root (~/.openclaw/workspace) and state path are consistent with a local workspace browser. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
SKILL.md explicitly instructs the agent to run the included Python scripts via the exec tool and to pass the returned message-tool payloads unchanged to the message tool. The scripts legitimately read the local filesystem (list, preview, and send files) and persist state under the runtime state path. This is in-scope for a file browser, but note the agent will execute project code and read files under the configured workspace; the skill's behavior is not limited to describing UI flows but to actually reading file contents and returning them (or paths) to the messaging tool.
Install Mechanism
There is no install spec (instruction-only skill with bundled scripts). Nothing is downloaded from the network or installed automatically. The scripts live in the skill bundle and are executed via exec; that is the lowest-risk install mechanism in this model.
Credentials
The skill declares no required env vars, credentials, or external service keys. All file and config access is to paths under the user's home/workspace, which is proportional to a local file-browser capability. The code also contains path checks (is_within_root) and validation preventing raw paths in callback_data, which reduces accidental leakage via callbacks.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It persists state under ~/.openclaw/workspace/.openclaw/telegram-file-browser/state.json and may update that file (expected). One caution: because the skill can read and send files from the workspace (including previews and attachments), an autonomously-invoking agent with permission to call the message tool could exfiltrate workspace files—this is coherent with its purpose but is a potential data-exposure vector you should consider.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install telegram-file-browser - 安装完成后,直接呼叫该 Skill 的名称或使用
/telegram-file-browser触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
Polish Telegram inline-button file browser workflow, validation, and dispatcher-based sending.
v0.1.0
Initial public release: cleaned runtime state, removed hardcoded paths, fixed callback handling, validated packaging.
元数据
常见问题
Telegram File Browser 是什么?
Build or improve Telegram inline-button file browsers and menu-style navigators. Use when creating Telegram chat UIs for browsing directories, paging lists,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 223 次。
如何安装 Telegram File Browser?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install telegram-file-browser」即可一键安装,无需额外配置。
Telegram File Browser 是免费的吗?
是的,Telegram File Browser 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Telegram File Browser 支持哪些平台?
Telegram File Browser 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Telegram File Browser?
由 Just-CJ(@just-cj)开发并维护,当前版本 v0.1.1。
推荐 Skills