The Telegram bot is unverified and accessible to anyone.
How could no one have noticed this huge security vulnerability? After binding the Telegram bot and running the backend program, whenever the bot receives a prompt, regardless of who sent it, it will forward it to Codex. This is essentially opening your computer to the entire world! You can refer to OpenClaw's Telegram bot mechanism.
Solution: Add Telegram accounts to a whitelist. Only allow whitelisted IDs to access the bot.
The Telegram bot is unverified and accessible to anyone.
How could no one have noticed this huge security vulnerability? After binding the Telegram bot and running the backend program, whenever the bot receives a prompt, regardless of who sent it, it will forward it to Codex. This is essentially opening your computer to the entire world! You can refer to OpenClaw's Telegram bot mechanism.
Solution: Add Telegram accounts to a whitelist. Only allow whitelisted IDs to access the bot.