telegram-bot-builder
Builds Telegram bots for automation and AI solutions, focusing on user experience, monetization, and scalability.
Install this skill
or
20/100
Security score
The telegram-bot-builder skill was audited on Feb 28, 2026 and we found 8 security issues across 3 threat categories, including 4 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
high line 58
Template literal with variable interpolation in command context
SourceSKILL.md
| 58 | ctx.reply(`You said: ${ctx.message.text}`); |
high line 133
Template literal with variable interpolation in command context
SourceSKILL.md
| 133 | [Markup.button.callback(item.name, `item_${item.id}`)] |
high line 137
Template literal with variable interpolation in command context
SourceSKILL.md
| 137 | if (page > 0) nav.push(Markup.button.callback('◀️', `page_${page-1}`)); |
high line 138
Template literal with variable interpolation in command context
SourceSKILL.md
| 138 | if (start + perPage < items.length) nav.push(Markup.button.callback('▶️', `page_${page+1}`)); |
medium line 25
Webhook reference - potential data exfiltration
SourceSKILL.md
| 25 | - Webhook management |
medium line 50
Access to .env file
SourceSKILL.md
| 50 | const bot = new Telegraf(process.env.BOT_TOKEN); |
medium line 82
Access to .env file
SourceSKILL.md
| 82 | ├── .env |
medium line 171
Access to .env file
SourceSKILL.md
| 171 | provider_token: process.env.PAYMENT_TOKEN, |
Scanned on Feb 28, 2026
View Security DashboardGitHub Stars 508
Rate this skill
Categorymarketing
UpdatedMay 20, 2026
openclawapigrowth-marketerproduct-marketercustomer-success-managersocial-media-managerinfluencer-marketertelegrammarketingsales
Dicklesworthstone/pi_agent_rust