ros/claude-plugins-official
1
0
Fork 0
mirror of https://github.com/anthropics/claude-plugins-official.git synced 2026-03-22 00:03:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Lock telegram/discord .env files to owner (chmod 600)

Browse Source 
The bot token is a credential. Tighten perms on load so hand-written
or pre-existing .env files get locked down, and update the configure
skill to chmod after writing. No-op on Windows.
This commit is contained in:
Kenneth Lien
2026-03-20 10:37:13 -07:00
parent 8938650428
commit 8140fbad22
4 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
external_plugins/telegram/skills/configure/SKILL.md
View File

@@ -77,7 +77,8 @@ offer.
2. `mkdir -p ~/.claude/channels/telegram`
3. Read existing `.env` if present; update/add the `TELEGRAM_BOT_TOKEN=` line,
preserve other keys. Write back, no quotes around the value.
4. Confirm, then show the no-args status so the user sees where they stand.
4. `chmod 600 ~/.claude/channels/telegram/.env` — the token is a credential.
5. Confirm, then show the no-args status so the user sees where they stand.
### `clear` — remove the token