← Back to Skills Marketplace
Telegram Readonly
by
Robin | Liquidium
· GitHub ↗
· v0.1.2
· MIT-0
266
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install telegram-readonly
Description
Read the user's personal Telegram account in a controlled, read-only way via Telethon/MTProto. Use when you need to inspect Telegram chats, list dialogs, rea...
Usage Guidance
This skill implements a read-only Telethon client and legitimately needs TELEGRAM_API_ID, TELEGRAM_API_HASH, and a session string; however the registry metadata does not declare those env vars — that's an inconsistency you should not ignore. Before installing: (1) inspect the upstream GitHub repo (https://github.com/ropl-btc/telegram-readonly-cli) — review code, recent commits, open issues, and releases; (2) prefer cloning and reviewing locally before pipx installing; (3) do not provide your session string or credentials to untrusted agents or services; use the interactive auth flow and protect ~/.config/telegram-readonly/config.json (permission 600 is set by the script); (4) avoid exposing TELEGRAM_SESSION_STRING via environment to other processes/agents that could read env vars; (5) consider disabling autonomous invocation for agents that will have access to these credentials or run the skill only under direct user control. The metadata mismatch lowers trust — resolve that (ask the publisher to declare required env vars) before granting the skill access to your Telegram credentials.
Capability Analysis
Type: OpenClaw Skill
Name: telegram-readonly
Version: 0.1.2
The skill provides a specialized read-only interface for accessing a personal Telegram account via the Telethon library. The implementation in `scripts/telegram_readonly.py` is well-structured, lacks any write operations (send/delete/edit), and follows security best practices by enforcing restricted file permissions (chmod 600) on the configuration file containing sensitive session strings. The documentation in `SKILL.md` and `setup-and-safety.md` explicitly defines the safety model and warns the user about the high-privilege nature of MTProto sessions, aligning perfectly with the stated purpose without any signs of malicious intent or obfuscation.
Capability Assessment
Purpose & Capability
The SKILL.md and the included script implement a read-only Telethon/MTProto client (dialogs, messages, search, unread lists), which matches the declared purpose. However, the registry metadata lists no required environment variables or primary credential despite the runtime and docs requiring TELEGRAM_API_ID, TELEGRAM_API_HASH, and a session string. That metadata omission is an incoherence that should be resolved before trusting the package.
Instruction Scope
The SKILL.md instructs only read actions and explicitly forbids writes; the code follows that surface (auth, dialogs, messages, search, unread queries). It also instructs saving a Telethon session string to ~/.config/telegram-readonly/config.json and to protect it. No external endpoints other than Telegram/Telethon are referenced. This is mostly scoped appropriately but the explicit storage of a high-privilege session file increases risk and should be reviewed.
Install Mechanism
There is no registry install spec; the docs recommend pipx install from a GitHub repo (git+https://github.com/ropl-btc/telegram-readonly-cli.git) or cloning/installing locally. Installing directly from a GitHub repo is common but has moderate risk — you should inspect the upstream repository and its release history before installing. The package does not pull from obscure hosts or URL shorteners, which is good.
Credentials
The runtime requires TELEGRAM_API_ID and TELEGRAM_API_HASH and either performs an interactive auth to create a TELEGRAM_SESSION_STRING or accepts it from env. The registry however declared no required env vars or primary credential. Requesting those Telegram credentials/session is appropriate for the described functionality, but the registry metadata failing to declare them is a mismatch and reduces transparency. The session string is a high-privilege secret — treat it like a password.
Persistence & Privilege
The skill writes a session file to ~/.config/telegram-readonly/config.json and sets file mode to 600, which is expected behavior for a local session. always is false and autonomous invocation is allowed (platform default). Persisting the session is necessary for functionality but increases long-term access risk; the SKILL.md acknowledges this and warns users to protect the file.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install telegram-readonly - After installation, invoke the skill by name or use
/telegram-readonly - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
Move skill files under skills/telegram-readonly; keep repo root focused on the installable CLI package.
v0.1.1
Make skill/docs generic instead of user-specific; keep read-only Telegram MTProto workflow unchanged.
v0.1.0
Initial release: read-only Telegram skill via Telethon/MTProto with dialogs, messages, search, unread-dialogs, unread-dms, and built-in help.
Metadata
Frequently Asked Questions
What is Telegram Readonly?
Read the user's personal Telegram account in a controlled, read-only way via Telethon/MTProto. Use when you need to inspect Telegram chats, list dialogs, rea... It is an AI Agent Skill for Claude Code / OpenClaw, with 266 downloads so far.
How do I install Telegram Readonly?
Run "/install telegram-readonly" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Telegram Readonly free?
Yes, Telegram Readonly is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Telegram Readonly support?
Telegram Readonly is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Telegram Readonly?
It is built and maintained by Robin | Liquidium (@ropl-btc); the current version is v0.1.2.
More Skills