telegram-dev
Comprehensive guide for developing Telegram bots and mini apps, covering APIs, payment integration, and message handling.
Install this skill
Security score
The telegram-dev skill was audited on Feb 28, 2026 and we found 31 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration
| 3 | description: Telegram 生态开发全栈指南 - 涵盖 Bot API、Mini Apps (Web Apps)、MTProto 客户端开发。包括消息处理、支付、内联模式、Webhook、认证、存储、传感器 API 等完整开发资源。 |
Webhook reference - potential data exfiltration
| 17 | - 实现 Webhook 和长轮询 |
Webhook reference - potential data exfiltration
| 93 | - `setWebhook` - 设置 Webhook |
Webhook reference - potential data exfiltration
| 94 | - `deleteWebhook` - 删除 Webhook |
Webhook reference - potential data exfiltration
| 95 | - `getWebhookInfo` - 查询 Webhook 状态 |
Webhook reference - potential data exfiltration
| 122 | ### Webhook 配置 |
Webhook reference - potential data exfiltration
| 124 | **设置 Webhook:** |
Webhook reference - potential data exfiltration
| 129 | WEBHOOK_URL = "https://yourdomain.com/webhook" |
Webhook reference - potential data exfiltration
| 132 | f"https://api.telegram.org/bot{BOT_TOKEN}/setWebhook", |
Webhook reference - potential data exfiltration
| 133 | json={"url": WEBHOOK_URL} |
Webhook reference - potential data exfiltration
| 137 | **Flask Webhook 示例:** |
Webhook reference - potential data exfiltration
| 145 | @app.route('/webhook', methods=['POST']) |
Webhook reference - potential data exfiltration
| 146 | def webhook(): |
Webhook reference - potential data exfiltration
| 164 | **Webhook 要求:** |
Webhook reference - potential data exfiltration
| 658 | 3. **使用 Webhook 而非长轮询** |
External URL reference
| 47 | https://api.telegram.org/bot<TOKEN>/METHOD_NAME |
External URL reference
| 61 | API_URL = f"https://api.telegram.org/bot{BOT_TOKEN}" |
External URL reference
| 129 | WEBHOOK_URL = "https://yourdomain.com/webhook" |
External URL reference
| 132 | f"https://api.telegram.org/bot{BOT_TOKEN}/setWebhook", |
External URL reference
| 154 | f"https://api.telegram.org/bot{BOT_TOKEN}/sendMessage", |
External URL reference
| 182 | {"text": "打开链接", "url": "https://example.com"} |
External URL reference
| 261 | <script src="https://telegram.org/js/telegram-web-app.js"></script> |
External URL reference
| 504 | tg.openInvoice('https://t.me/$invoice_link', (status) => { |
External URL reference
| 563 | "web_app": {"url": "https://yourdomain.com/app"} |
External URL reference
| 585 | "web_app": {"url": "https://yourdomain.com/app"} |
External URL reference
| 596 | → 提供 URL: https://yourdomain.com/app |
External URL reference
| 638 | - 需要 API ID/Hash(从 https://my.telegram.org 获取) |
External URL reference
| 721 | - Bot API: https://core.telegram.org/bots/api |
External URL reference
| 722 | - Mini Apps: https://core.telegram.org/bots/webapps |
External URL reference
| 724 | - Telegram API: https://core.telegram.org |
External URL reference
| 734 | - https://my.telegram.org - 获取 API ID/Hash |