telegram-bot-manager

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill facilitates the ingestion of untrusted data from the Telegram Bot API, creating a vulnerability to Indirect Prompt Injection.
      • Ingestion points: Data enters through the getUpdates call in scripts/test_bot.py and via the configured webhooks/polling mechanisms described in references/WEBHOOK_SETUP.md.
      • Boundary markers: No boundary markers or 'ignore embedded instructions' delimiters are implemented in the configuration templates or test scripts.
      • Capability inventory: The skill enables the Telegram plugin for the OpenClaw gateway, which, as an agent platform, typically possesses high-privilege capabilities including file system access and tool execution.
      • Sanitization: No evidence of message sanitization or instruction filtering is present in the provided scripts or documentation.
  • [COMMAND_EXECUTION] (MEDIUM): The scripts/setup_bot.py script automatically executes system-level commands using subprocess.run to restart the OpenClaw gateway.
      • Evidence: subprocess.run(['openclaw', 'gateway', 'restart'], ...) in scripts/setup_bot.py (Line 160).
  • [DATA_EXPOSURE] (MEDIUM): The setup script modifies the primary system configuration file (openclaw.json) and stores the user-provided Telegram Bot Token in plain text.
      • Evidence: self.config_path = Path("/home/openclaw/.openclaw/openclaw.json") and json.dump(config, f, indent=2) in scripts/setup_bot.py.
  • [EXTERNAL_DOWNLOADS] (LOW): Both setup_bot.py and test_bot.py initiate outbound network requests to the Telegram API domain.
      • Evidence: Network requests to https://api.telegram.org using the requests library.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 14, 2026, 02:12 PM