better-telegram-mcp
mcp
Warning
Health Warning
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Passed
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Passed
- Permissions — No dangerous permissions requested
Purpose
This server provides a dual-mode interface for Telegram, allowing AI agents to interact with both the Bot API and the MTProto user API. It offers tools for messaging, chat management, and media handling across user accounts and bots.
Security Assessment
Overall risk: Medium. The tool explicitly focuses on accessing sensitive data: it can read and send messages, manage chats, and handle media via your Telegram account. It makes network requests to Telegram's servers using your API credentials or bot tokens, and features a web-based OTP authentication flow for headless environments. Fortunately, the light code audit (12 files) found no dangerous hardcoded secrets, no dangerous OS permissions, and no malicious shell command execution patterns. The developers also claim to have implemented security hardening against SSRF and path traversal attacks, alongside error sanitization.
Quality Assessment
The project is highly polished for its size. It is licensed under the permissive MIT license and features professional automated workflows, including CI, Codecov, semantic releases, and Renovate for dependency management. However, community trust and visibility are currently very low, as it only has 5 GitHub stars. Being a very new and untested project in the public eye, it lacks a proven track record of independent community auditing.
Verdict
Use with caution—the codebase appears clean and professionally structured, but it requires highly sensitive account credentials, and the project's low community visibility means it has not been extensively peer-reviewed.
MCP server for Telegram (Bot API + MTProto) - composite tools optimized for AI agents
README.md
Better Telegram MCP
mcp-name: io.github.n24q02m/better-telegram-mcp
MCP server for Telegram with dual-mode support: Bot API (httpx) for quick bot integrations and MTProto (Telethon) for full user-account access.
Features
- Dual mode -- Bot API (httpx) for bots, MTProto (Telethon) for user accounts
- 6 tools with action dispatch: message, chat, media, contact, config, help
- Auto-detect mode -- Set bot token for bot mode, or API credentials for user mode
- Web-based OTP auth -- Browser-based authentication with remote relay support for headless environments
- Tool annotations -- Each tool declares readOnlyHint, destructiveHint, idempotentHint, openWorldHint
- MCP Resources -- Documentation available as telegram://docs/* resources
- Security hardened -- SSRF protection, path traversal prevention, error sanitization
Setup
With AI Agent -- copy and send this to your AI agent:
Please set up better-telegram-mcp for me. Follow this guide:
https://raw.githubusercontent.com/n24q02m/better-telegram-mcp/main/docs/setup-with-agent.md
Manual Setup -- follow docs/setup-manual.md
Tools
| Tool | Actions | Description |
|---|---|---|
| message | send, edit, delete, forward, pin, react, search, history | Send, edit, delete, forward messages. Pin, react, search, browse history |
| chat | list, info, create, join, leave, members, admin, settings, topics | List and manage chats, groups, channels. Members, admin, forum topics |
| media | send_photo, send_file, send_voice, send_video, download | Send photos, files, voice notes, videos. Download media from messages |
| contact | list, search, add, block | List, search, add contacts. Block/unblock users (user mode only) |
| config | status, set, cache_clear | Server status, update runtime settings, clear cache |
| help | -- | Full documentation for any topic |
MCP Resources
| URI | Content |
|---|---|
| telegram://docs/messages | Message operations reference |
| telegram://docs/chats | Chat management reference |
| telegram://docs/media | Media send/download reference |
| telegram://docs/contacts | Contact management reference |
| telegram://stats | All documentation combined |
Security
- SSRF Protection -- All URLs validated against internal/private IP ranges, DNS rebinding blocked
- Path Traversal Prevention -- File paths validated, sensitive directories blocked
- Session File Security -- 600 permissions, 2FA via web UI only (never stored in env vars)
- Error Sanitization -- Credentials never leaked in error messages
Build from Source
git clone https://github.com/n24q02m/better-telegram-mcp.git
cd better-telegram-mcp
uv sync
uv run better-telegram-mcp
License
MIT -- See LICENSE.