tgcli
mcp
Fail
Health Pass
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 35 GitHub stars
Code Fail
- process.env — Environment variable access in .github/workflows/release.yml
- fs module — File system access in .github/workflows/release.yml
- process.env — Environment variable access in client.js
- exec() — Shell command execution in core/send-utils.js
- os.homedir — User home directory access in core/store.js
- process.env — Environment variable access in core/store.js
- process.env — Environment variable access in mcp-server.js
- fs.rmSync — Destructive file system operation in store-lock.js
- fs.rmSync — Destructive file system operation in telegram-client.js
- process.env — Environment variable access in telegram-client.js
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool provides a command-line interface and optional MCP server for interacting with a personal Telegram account via MTProto. It allows users to archive chats, search messages, and manage their account directly from the terminal.
Security Assessment
Overall risk: Medium. The application requires high-privilege access to function correctly, but developers should be aware of several underlying behaviors. It accesses the user's home directory to store its database and configuration files. It also performs destructive file system operations (`fs.rmSync`) and utilizes shell command execution (`exec()`). Because it acts as a direct Telegram client, it inherently handles highly sensitive data, including API credentials, session tokens, and private messages, and makes continuous network requests to Telegram's servers. No hardcoded secrets or dangerously broad permissions were detected, but the use of shell execution warrants a code review if used in automated pipelines.
Quality Assessment
The project is actively maintained, with repository activity as recent as today. It benefits from an open-source MIT license and has garnered 35 GitHub stars, indicating a moderate level of community trust and usage.
Verdict
Use with caution: while active and properly licensed, the tool processes highly sensitive account data and relies on shell execution and destructive file operations that necessitate careful review before deployment.
This tool provides a command-line interface and optional MCP server for interacting with a personal Telegram account via MTProto. It allows users to archive chats, search messages, and manage their account directly from the terminal.
Security Assessment
Overall risk: Medium. The application requires high-privilege access to function correctly, but developers should be aware of several underlying behaviors. It accesses the user's home directory to store its database and configuration files. It also performs destructive file system operations (`fs.rmSync`) and utilizes shell command execution (`exec()`). Because it acts as a direct Telegram client, it inherently handles highly sensitive data, including API credentials, session tokens, and private messages, and makes continuous network requests to Telegram's servers. No hardcoded secrets or dangerously broad permissions were detected, but the use of shell execution warrants a code review if used in automated pipelines.
Quality Assessment
The project is actively maintained, with repository activity as recent as today. It benefits from an open-source MIT license and has garnered 35 GitHub stars, indicating a moderate level of community trust and usage.
Verdict
Use with caution: while active and properly licensed, the tool processes highly sensitive account data and relies on shell execution and destructive file operations that necessitate careful review before deployment.
Telegram user console client and archiver
README.md
tgcli
Telegram CLI with background sync and an optional MCP server for your personal account (MTProto, not bot API).
Installation
npm install -g @kfastov/tgcli
brew install kfastov/tap/tgcli
Authentication
Get Telegram API credentials:
- Go to https://my.telegram.org/apps
- Log in with your phone number
- Create a new application
- Copy
api_idandapi_hash
Then authenticate:
tgcli auth
Quick start
tgcli auth
tgcli sync --follow
tgcli messages list --chat @username --limit 20
tgcli messages search "course" --chat @channel --source archive
tgcli send text --to @username --message "hello"
tgcli server
Commands
tgcli auth Authentication and session setup
tgcli config View and edit config
tgcli sync Archive backfill and realtime sync
tgcli server Run background sync service (MCP optional)
tgcli service Install/start/stop/status/logs for background service
tgcli channels List/search channels
tgcli messages List/search messages
tgcli send Send text or files
tgcli media Download media
tgcli topics Forum topics
tgcli tags Channel tags
tgcli metadata Channel metadata cache
tgcli contacts Contacts and people
tgcli groups Group management
tgcli doctor Diagnostics and sanity checks
Use tgcli [command] --help for details. Add --json for machine-readable output.
MCP (optional)
Enable it via config:
tgcli config set mcp.enabled true
By default the server binds to http://127.0.0.1:8080/mcp. To change it:
tgcli config set mcp.host 127.0.0.1
tgcli config set mcp.port 8080
Then run tgcli server and point your client at the configured address.
Configuration & Store
The tgcli store lives in the OS app-data directory and contains config.json, sessions, and messages.db.
Override the location with TGCLI_STORE.
Legacy version: see MIGRATION.md.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found