telegram-mini-app

Enables the creation of Telegram Mini Apps with native-like experiences, integrating payments and user authentication for monetization.

Install this skill

63/100

Security score

The telegram-mini-app skill was audited on Feb 28, 2026 and we found 9 security issues across 2 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 210

Template literal with variable interpolation in command context

SourceSKILL.md

210	const referralLink = `https://t.me/your_bot?start=ref_${user.id}`;

high line 214

Template literal with variable interpolation in command context

SourceSKILL.md

214	`https://t.me/share/url?url=${encodeURIComponent(referralLink)}&text=Check this out!`

low line 44

External URL reference

SourceSKILL.md

44	<script src="https://telegram.org/js/telegram-web-app.js"></script>

low line 96

External URL reference

SourceSKILL.md

96	{ text: '🚀 Open App', web_app: { url: 'https://your-app.com' } }

low line 125

External URL reference

SourceSKILL.md

125	<TonConnectUIProvider manifestUrl="https://your-app.com/tonconnect-manifest.json">

low line 142

External URL reference

SourceSKILL.md

142	"url": "https://your-app.com",

low line 144

External URL reference

SourceSKILL.md

144	"iconUrl": "https://your-app.com/icon.png"

low line 210

External URL reference

SourceSKILL.md

210	const referralLink = `https://t.me/your_bot?start=ref_${user.id}`;

low line 214

External URL reference

SourceSKILL.md

214	`https://t.me/share/url?url=${encodeURIComponent(referralLink)}&text=Check this out!`

Scanned on Feb 28, 2026

View Security Dashboard

Installation guide →

GitHub Stars 508

Rate this skill

Categorymarketing

UpdatedMay 20, 2026

openclaw api mobile backend growth-marketer product-marketer backend-developer mobile-developer ux-designer telegram marketing development design

Dicklesworthstone/pi_agent_rust