teleforge
Health Pass
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 14 GitHub stars
Code Fail
- os.homedir — User home directory access in bot.mjs
- process.env — Environment variable access in bot.mjs
- network request — Outbound network request in bot.mjs
Permissions Pass
- Permissions — No dangerous permissions requested
This tool acts as a Telegram bot interface for running Claude Code sessions remotely. It is designed to let you send one-shot tasks to a headless VM, allowing the AI agent to autonomously scaffold and build projects with minimal back-and-forth.
Security Assessment
Overall Risk: High. The tool explicitly spawns Claude Code using the `--dangerously-skip-permissions` flag, which grants the agent unrestricted, unmonitored access to execute shell commands and modify files on the host machine. The automated scan flagged access to the user's home directory (`os.homedir`), outbound network requests, and environment variable usage. While there are no hardcoded secrets, the tool requires your Telegram bot token and user ID via environment variables. Access is restricted to a single Telegram user ID, but if that account or the bot is compromised, the attacker gains full control over the machine due to the lack of permission guardrails. It is strictly meant for isolated containers or virtual machines.
Quality Assessment
Overall Quality: Low. The project is actively maintained with recent pushes, has an MIT license, and clearly documented setup instructions. However, it only has 14 GitHub stars, indicating limited community trust or widespread testing. Most notably, the repository is marked as deprecated in favor of an official native Telegram plugin, meaning this tool is essentially abandoned and will not receive future updates or security patches.
Verdict
Not recommended (deprecated, high-risk autonomous execution without guardrails, and superseded by an official native plugin).
Run Claude Code sessions remotely through a Telegram bot. Designed for one-shot tasks on a headless VM — send a task, let the agent scaffold, build, and ship with minimal back-and-forth.
❗Deprecated — use native Telegram plugin
Teleforge
Run Claude Code sessions remotely through a Telegram bot. Designed for one-shot tasks on a headless VM — send a task, let the agent scaffold, build, and ship with minimal back-and-forth. The agent can ask follow-up questions and send images/videos mid-session via MCP tools.
Architecture
- bot.mjs — Telegram bot (grammy) + internal TCP server. Receives tasks from Telegram, spawns
claudeCLI as a subprocess, streams results back. - mcp-server.mjs — MCP server that the agent loads as a tool provider. Bridges tool calls (
send_message,ask_user,send_image) to the bot over a local TCP socket.
Setup
npm install
Environment variables
| Variable | Required | Default | Description |
|---|---|---|---|
TG_BOT_TOKEN |
yes | — | Telegram bot token from @BotFather |
TG_USER_ID |
yes | — | Your numeric Telegram user ID. Only this user can interact with the bot. |
SCAFFOLD_DIR |
no | ./scaffold |
Template directory copied into each session. Contains CLAUDE.md. |
SESSIONS_DIR |
no | ~/.teleforge/sessions |
Where per-session working directories are created. |
IMAGES_DIR |
no | ~/.teleforge/images |
Where images received from Telegram are saved. |
Set them however you prefer (shell export, .env file with a loader, systemd unit, etc).
Run
TG_BOT_TOKEN=... TG_USER_ID=... npm start
Commands
Model override
Start your message with model <model-id> (optionally followed by a newline) to override the Claude model for that session. The prefix is stripped from the task text.
Example: model claude-sonnet-4-5-20250514 followed by your task.
Reply to resume
Reply to a Done [sessionId]... or Killed [sessionId]. message with a new task to resume that session — restores the working directory and the Claude conversation history, so the agent has full context from previous turns.
The quoted part of the message is stripped so it doesn't confuse the agent.
shutdown
Kill the currently running session immediately. The session directory is kept — reply to the Killed message to resume it later.
Security note
The bot spawns Claude Code with --dangerously-skip-permissions. This flag disables all interactive permission prompts so the agent can execute tools autonomously (file edits, shell commands, etc.) without manual approval.
This means the agent has unrestricted access to your machine. Only run this in an environment you're comfortable with (a container, a VM, a dedicated dev machine). Do not expose the bot to untrusted Telegram users — TG_USER_ID restricts access to a single account, but the underlying session has no guardrails.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found