Telegram Mini App Security Auditor
Author: Zakhar Pashkin · GitHub · v1.0.1 · MIT-0
Total downloads: 84 · Favorites: 0 · Current installs: 1 · Versions: 2
Install in OpenClaw
/install telegram-miniapp-security-auditor
Description
Audit Telegram Mini App projects for launch safety before connecting bot tokens or public channels. Use when Codex needs to review a Telegram WebApp/Mini App...
Safe usage recommendations
This skill appears coherent and implements a conservative static auditor. Before using it:
1) Inspect scripts/audit_tma.py yourself (it is included) to confirm it only reads files and does not make network calls or write unexpected data.
2) Run the auditor on a local copy of the project, not on a system with live credentials; do not pass real bot tokens.
3) Review any BLOCK/REVIEW findings and manually inspect flagged files before connecting production bot tokens or launching channels.
4) If you plan to run the optional trustclaw step, ensure trustclaw is a trusted tool.
5) Verify the repository homepage and publisher; if the source or author is unfamiliar, run the script in an isolated environment (container or VM) first.
Functional analysis
Type: OpenClaw Skill
Name: telegram-miniapp-security-auditor
Version: 1.0.1
The skill is a static security auditor designed to identify vulnerabilities in Telegram Mini App projects. The primary logic in `scripts/audit_tma.py` performs local file scanning using regular expressions to detect hardcoded bot tokens, insecure authentication (initData validation), and misconfigured CORS or frame headers. The script and accompanying documentation (`SKILL.md`, `references/tma-security-checklist.md`) are well-structured, transparent, and lack any indicators of data exfiltration, malicious execution, or prompt injection. All findings are written to local output files as specified by the user.
Capability assessment
Purpose & Capability
Name/description match the provided artifacts: SKILL.md, a checklist, report template, and a bundled Python auditor (scripts/audit_tma.py) that implements the checks described. There are no unexplained environment variables, cloud credentials, or unrelated binaries required.
Instruction Scope
SKILL.md instructs a local static scan of project files and to manually inspect flagged files. The instructions do not request reading unrelated system files, secrets, or automatic transmission of results. The doc suggests an optional follow-up (trustclaw) but keeps live Telegram actions out of scope unless explicitly requested.
Install Mechanism
No install spec is provided; the skill is instruction-only with a bundled Python script. Nothing is downloaded from remote URLs at install time. The included script will be run locally by the user (python3 scripts/audit_tma.py), not automatically installed by the registry.
Credentials
The skill declares no required environment variables or credentials. The auditor searches repository files for token-like literals and secrets (expected behavior for a scanner) but does not require access to external keys or config paths.
Persistence & Privilege
always:false and user-invocable:true (no forced persistence). skill-policy.json forbids shell and package installation and restricts network hosts to ["api"] — the skill itself is a local static auditor and does not request persistent privileges.
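How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat dialog: /install telegram-miniapp-security-auditor
- Once installation completes, invoke the Skill by name or trigger it with /telegram-miniapp-security-auditor
- Provide the required inputs according to the Skill's parameter description to get structured output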
Version history
v1.0.1
Add public ClawHub metadata and replace the local absolute script path with the packaged skill baseDir path.
v1.0.0
Initial public release with static Telegram Mini App audit script, Codex skill instructions, and CI tests.
FAQ
What is Telegram Mini App Security Auditor?
Audit Telegram Mini App projects for launch safety before connecting bot tokens or public channels. Use when Codex needs to review a Telegram WebApp/Mini App... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 84 cumulative downloads to date.
How do I install Telegram Mini App Security Auditor?
Run the command "/install telegram-miniapp-security-auditor" in the OpenClaw or Claude Code chat dialog to install it in one step; no additional configuration is required.
Is Telegram Mini App Security Auditor free?
Yes. Telegram Mini App Security Auditor is completely free and is released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does Telegram Mini App Security Auditor support?
Telegram Mini App Security Auditor is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Telegram Mini App Security Auditor?
It is developed and maintained by Zakhar Pashkin (@zack-dev-cm); the current version is v1.0.1.