telegram
Integrates with the Telegram Bot API for creating bots with features like messaging, webhooks, and inline keyboards using Node.js and Python.
Security score
The telegram skill was audited on May 14, 2026, and we found 31 security issues across 4 threat categories, including 1 high-severity issue. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 148 | bot.sendMessage(msg.chat.id, `Voce disse: ${msg.text}`); |
Curl to non-GitHub URL
| 419 | curl -X POST "https://api.telegram.org/bot$TOKEN/setMyCommands" \ |
Webhook reference - potential data exfiltration
| 3 | description: Integracao completa com Telegram Bot API. Setup com BotFather, mensagens, webhooks, inline keyboards, grupos, canais. Boilerplates Node.js e Python. |
Webhook reference - potential data exfiltration
| 12 | - webhooks |
Webhook reference - potential data exfiltration
| 25 | Integracao completa com Telegram Bot API. Setup com BotFather, mensagens, webhooks, inline keyboards, grupos, canais. Boilerplates Node.js e Python. |
Webhook reference - potential data exfiltration
| 55 | **Portas suportadas para webhooks:** 443, 80, 88, 8443 |
Webhook reference - potential data exfiltration
| 79 | ├── Webhook setup → references/webhook-setup.md |
Webhook reference - potential data exfiltration
| 342 | Existem duas formas de receber updates: **Long Polling** e **Webhooks**. |
Webhook reference - potential data exfiltration
| 360 | ## Webhooks (Producao) |
Webhook reference - potential data exfiltration
| 362 | Para producao, webhooks sao mais eficientes. O Telegram envia updates via POST para sua URL HTTPS. |
Webhook reference - potential data exfiltration
| 364 | Leia `references/webhook-setup.md` para configuracao completa com Express, Flask, ngrok e deploy. |
Webhook reference - potential data exfiltration
| 370 | ## Flask Webhook |
Webhook reference - potential data exfiltration
| 379 | @app.route(f"/webhook/{TOKEN}", methods=["POST"]) |
Webhook reference - potential data exfiltration
| 380 | def webhook(): |
Webhook reference - potential data exfiltration
| 391 | ## Registrar Webhook |
Webhook reference - potential data exfiltration
| 393 | requests.post(f"{BASE}/setWebhook", json={ |
Webhook reference - potential data exfiltration
| 394 | "url": "https://seu-dominio.com/webhook/" + TOKEN, |
Webhook reference - potential data exfiltration
| 552 | | Setup de webhooks | `references/webhook-setup.md` | |
Ngrok tunnel reference
| 364 | Leia `references/webhook-setup.md` para configuracao completa com Express, Flask, ngrok e deploy. |
Access to .env file
| 140 | const bot = new TelegramBot(process.env.TELEGRAM_BOT_TOKEN!, { polling: true }); |
External URL reference
| 50 | **Base URL:** `https://api.telegram.org/bot<TOKEN>/METHOD_NAME` |
External URL reference
| 184 | BASE = f"https://api.telegram.org/bot{TOKEN}" |
External URL reference
| 211 | text="<b>Negrito</b>, <i>italico</i>, <code>codigo</code>, <a href='https://example.com'>link</a>", |
External URL reference
| 219 | text="*Negrito*, _italico_, `codigo`, [link](https://example\\.com)", |
External URL reference
| 226 | await bot.send_photo(chat_id, photo="https://example.com/img.jpg", caption="Legenda aqui") |
External URL reference
| 234 | await bot.send_video(chat_id, video="https://example.com/video.mp4", caption="Assista!") |
External URL reference
| 277 | bot.sendPhoto(chatId, 'https://example.com/img.jpg', { caption: 'Legenda' }); |
External URL reference
| 299 | [InlineKeyboardButton("Abrir Site", url="https://example.com")], |
External URL reference
| 377 | BASE = f"https://api.telegram.org/bot{TOKEN}" |
External URL reference
| 394 | "url": "https://seu-dominio.com/webhook/" + TOKEN, |
External URL reference
| 419 | curl -X POST "https://api.telegram.org/bot$TOKEN/setMyCommands" \ |