← 返回 Skills 市场
Telegram Readonly
作者
Robin | Liquidium
· GitHub ↗
· v0.1.2
· MIT-0
266
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install telegram-readonly
功能描述
Read the user's personal Telegram account in a controlled, read-only way via Telethon/MTProto. Use when you need to inspect Telegram chats, list dialogs, rea...
安全使用建议
This skill implements a read-only Telethon client and legitimately needs TELEGRAM_API_ID, TELEGRAM_API_HASH, and a session string; however the registry metadata does not declare those env vars — that's an inconsistency you should not ignore. Before installing: (1) inspect the upstream GitHub repo (https://github.com/ropl-btc/telegram-readonly-cli) — review code, recent commits, open issues, and releases; (2) prefer cloning and reviewing locally before pipx installing; (3) do not provide your session string or credentials to untrusted agents or services; use the interactive auth flow and protect ~/.config/telegram-readonly/config.json (permission 600 is set by the script); (4) avoid exposing TELEGRAM_SESSION_STRING via environment to other processes/agents that could read env vars; (5) consider disabling autonomous invocation for agents that will have access to these credentials or run the skill only under direct user control. The metadata mismatch lowers trust — resolve that (ask the publisher to declare required env vars) before granting the skill access to your Telegram credentials.
功能分析
Type: OpenClaw Skill
Name: telegram-readonly
Version: 0.1.2
The skill provides a specialized read-only interface for accessing a personal Telegram account via the Telethon library. The implementation in `scripts/telegram_readonly.py` is well-structured, lacks any write operations (send/delete/edit), and follows security best practices by enforcing restricted file permissions (chmod 600) on the configuration file containing sensitive session strings. The documentation in `SKILL.md` and `setup-and-safety.md` explicitly defines the safety model and warns the user about the high-privilege nature of MTProto sessions, aligning perfectly with the stated purpose without any signs of malicious intent or obfuscation.
能力评估
Purpose & Capability
The SKILL.md and the included script implement a read-only Telethon/MTProto client (dialogs, messages, search, unread lists), which matches the declared purpose. However, the registry metadata lists no required environment variables or primary credential despite the runtime and docs requiring TELEGRAM_API_ID, TELEGRAM_API_HASH, and a session string. That metadata omission is an incoherence that should be resolved before trusting the package.
Instruction Scope
The SKILL.md instructs only read actions and explicitly forbids writes; the code follows that surface (auth, dialogs, messages, search, unread queries). It also instructs saving a Telethon session string to ~/.config/telegram-readonly/config.json and to protect it. No external endpoints other than Telegram/Telethon are referenced. This is mostly scoped appropriately but the explicit storage of a high-privilege session file increases risk and should be reviewed.
Install Mechanism
There is no registry install spec; the docs recommend pipx install from a GitHub repo (git+https://github.com/ropl-btc/telegram-readonly-cli.git) or cloning/installing locally. Installing directly from a GitHub repo is common but has moderate risk — you should inspect the upstream repository and its release history before installing. The package does not pull from obscure hosts or URL shorteners, which is good.
Credentials
The runtime requires TELEGRAM_API_ID and TELEGRAM_API_HASH and either performs an interactive auth to create a TELEGRAM_SESSION_STRING or accepts it from env. The registry however declared no required env vars or primary credential. Requesting those Telegram credentials/session is appropriate for the described functionality, but the registry metadata failing to declare them is a mismatch and reduces transparency. The session string is a high-privilege secret — treat it like a password.
Persistence & Privilege
The skill writes a session file to ~/.config/telegram-readonly/config.json and sets file mode to 600, which is expected behavior for a local session. always is false and autonomous invocation is allowed (platform default). Persisting the session is necessary for functionality but increases long-term access risk; the SKILL.md acknowledges this and warns users to protect the file.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install telegram-readonly - 安装完成后,直接呼叫该 Skill 的名称或使用
/telegram-readonly触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.2
Move skill files under skills/telegram-readonly; keep repo root focused on the installable CLI package.
v0.1.1
Make skill/docs generic instead of user-specific; keep read-only Telegram MTProto workflow unchanged.
v0.1.0
Initial release: read-only Telegram skill via Telethon/MTProto with dialogs, messages, search, unread-dialogs, unread-dms, and built-in help.
元数据
常见问题
Telegram Readonly 是什么?
Read the user's personal Telegram account in a controlled, read-only way via Telethon/MTProto. Use when you need to inspect Telegram chats, list dialogs, rea... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 266 次。
如何安装 Telegram Readonly?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install telegram-readonly」即可一键安装,无需额外配置。
Telegram Readonly 是免费的吗?
是的,Telegram Readonly 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Telegram Readonly 支持哪些平台?
Telegram Readonly 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Telegram Readonly?
由 Robin | Liquidium(@ropl-btc)开发并维护,当前版本 v0.1.2。
推荐 Skills