TG-Staff Content Risk Control Configuration Guide: Risk Phrases, Groups, and Project Association

In Telegram customer service scenarios, agents (customer service representatives) send a large number of messages daily—replying to user inquiries, pushing order information, explaining policy terms. Once an agent mistakenly sends sensitive content (such as internal payment addresses, undisclosed project names, financial sensitive terms), it can lead to user complaints at best, or compliance risks and even asset losses at worst. For teams in Web3, cryptocurrency exchanges, or cross-border finance, this risk is particularly pronounced.

The built-in Content Risk Control (Internal Control Management) feature in TG-Staff Professional Edition is designed to address this issue. It automatically detects risk words before agents send messages, prompting a secondary confirmation or directly blocking the sending upon a hit, preventing sensitive information leakage at the source. This article will guide you step by step from scratch on configuring risk phrases, groups, and project associations, ensuring your Telegram customer service team operates efficiently within compliance boundaries.

---

What is TG-Staff Content Moderation? — Adding a Security Lock for Professional Agent Communication

The essence of content moderation is a real-time detection engine for agent outbound messages. When an agent clicks the send button in the TG-Staff Web console, the system compares the message against configured risk phrases before transmission. If a match is found, a popup prompts the agent: “The message contains a risk word. Please confirm whether to send it,” or directly blocks sending (depending on backend settings).

Key Points:

• Only monitors messages sent by agents (outbound), not messages received from users (inbound).
• Detection completes in milliseconds, imperceptible to agents, without affecting customer service response speed.
• All triggered records are audited and retained, supporting queries by agent, conversation, time, and risk word.

This mechanism is ideal for the following teams:

• Web3 / Cryptocurrency: Prevents agents from accidentally or maliciously sending payment wallet addresses (e.g., TRC20, ERC20, BTC addresses).
• Finance / Payments: Prevents agents from discussing fees, internal policies, or undisclosed product information in public conversations.
• Cross-border E-commerce / Community Management: Unifies brand language, preventing agents from using prohibited promotional terms or sensitive jargon.

TG-Staff Content Moderation consists of three core components: Risk Phrases (smallest detection unit), Risk Groups (management containers for phrases), and Project Association (binding groups to specific Bot projects). Below, we configure them step by step.

---

Step 1: Create and Configure Risk Phrases

Risk phrases are the smallest unit of content moderation. You can add any text fragment, keyword, or regular expression you want to monitor as a phrase.

Steps

1. Log in to the TG-Staff Application Console.
2. In the left navigation, find “Internal Control Management” → “Risk Phrases”.
3. Click “Create Phrase”, enter a phrase name (e.g., TRC20 收款地址) and keyword content.
4. Select the matching mode (Exact, Wildcard, Regex), and save.

Supported Keyword Types and Matching Rules

Matching Mode	Example	Use Case
Exact Match	支付密码	Must be exactly identical, e.g., specific brand names, internal codenames
Wildcard Match	*转账*	Triggers if the word is contained, suitable for general sensitive words like “transfer”, “investment”, “returns”
Regular Expression	T[a-zA-Z0-9]{33}	Matches specific data formats, e.g., TRC20 addresses (starting with T, 34 characters total)

Recommendation: For unstructured sensitive words (e.g., variations of project names), prefer wildcard matching; for fixed-format data (e.g., addresses, ID numbers), use regular expressions for higher accuracy.

Special Configuration Tips for Wallet Address Monitoring

For Web3 teams, wallet address monitoring is a common content moderation scenario. Using the full address directly (e.g., T9yD14NZ1N7q7jPvGmXxM5q8kP6u2kH) as a keyword may miss detections due to address fragments, case sensitivity, or chain aliases.

Best Practices:

• Use address prefix fragments (e.g., first 8–10 characters, like T9yD14NZ) as wildcard phrases.
• If your team uses multiple chains (TRC20, ERC20, BTC), create separate phrases for each chain.
• For known malicious addresses, use exact match or regular expressions to lock them strictly.

---

Step 2: Create and Manage Risk Groups

Risk groups are containers for organizing phrases. You can group phrases by scenario (e.g., payment terms, wallet addresses, prohibited products) and apply them together to a project.

Steps

1. In the TG-Staff console, go to “Internal Control Management” → “Risk Groups”.
2. Click “Create Group”, enter a group name (e.g., “Payment Risk Words”) and description.
3. Select the phrases to include in the group from the phrase list.
4. Save the group.

Note: A group can contain multiple phrases, and a phrase can belong to multiple groups. This many-to-many relationship allows flexible configuration.

---

Step 3: Bind Risk Groups to Bot Projects

The final step is to bind risk groups to specific Bot projects. After binding, all agent outbound messages in that project will be subject to content moderation.

Steps

1. In the TG-Staff console, go to “Project Management” and select the target Bot project.
2. In the project details page, find “Risk Group Binding” and click “Edit”.
3. Select the risk groups to bind (multiple groups can be selected).
4. Set the action on hit (Prompt or Block) and save.

Action on hit:

• Prompt: The agent sees a popup asking whether to send; they can choose to send or cancel.
• Block: The message is directly blocked and cannot be sent.

After binding, you can test by sending a message containing a risk word in the agent console to verify the effect.

---

Audit and Logging

All content moderation triggers are recorded in the audit log. You can view them in “Internal Control Management” → “Audit Log”, supporting filtering by:

• Agent
• Conversation
• Time range
• Risk word / group
• Action taken (Prompt / Block / Final send)

This helps teams identify training needs or potential risks in a timely manner.

---

FAQ

Q: Does content moderation affect message sending speed? A: Detection is completed in milliseconds, imperceptible to agents, and does not affect customer service response speed.

Q: Can I use content moderation for inbound messages? A: Currently, only outbound messages from agents are monitored. Inbound monitoring is not supported.

Q: Can I bind multiple risk groups to one project? A: Yes, multiple groups can be bound simultaneously. The system will match against all phrases in all bound groups.

Q: What is the difference between Prompt and Block? A: Prompt allows the agent to choose whether to send after a popup; Block directly prevents sending.

---

Conclusion

TG-Staff Content Moderation helps teams manage the risk of agent outbound messages through three simple steps: create risk phrases, organize them into groups, and bind them to projects. Whether for Web3 wallet address monitoring or financial industry compliance review, this feature provides a lightweight yet powerful security lock.

Start configuring now to keep your team communication safe and compliant!

---

Step 2: Categorize Phrases into Risk Groups

After creating risk phrases, you need to assign them to Risk Groups so they can be referenced by projects. A group acts like a “folder” that bundles similar phrases together, making it easy to apply them by scenario in batches.

Group Management and Permission Control

1. Go to “Internal Controls” → “Risk Groups” and click “Create Group”.
2. Enter a group name (e.g., Web3 敏感地址) and a note (optional, to describe the group’s purpose).
3. On the group details page, click “Add Phrases”, select from the list of created phrases, and confirm.
4. You can add multiple phrases to the same group or add a phrase to multiple groups.

Permission Notes:

• Admins: Can create, edit, and delete all phrases and groups.
• Operators: Can only view group contents linked to their assigned projects; cannot modify or delete.

Naming Convention Suggestions:

• Name by business scenario: 金融敏感词, Web3 地址, 内部代号.
• Name by risk level: 高危-阻止发送, 中危-二次确认.
• In the notes, list the phrases included in the group and applicable projects for easy future auditing.

---

Step 3: Link Risk Groups to Projects

After creating and populating groups, you need to bind them to specific Bot projects for detection to take effect.

Steps

1. Go to “Project Management” → Select Target Project → “Internal Controls” tab.
2. Click “Link Risk Group”, select a created group from the dropdown list.
3. Set the Detection Action for this group: Pop-up Confirmation or Block Sending.
4. After saving, all outbound messages from agents under this project will be immediately screened.

Key Points:

• A project can link multiple groups, and each group can have its own independent detection action.
• A group can also be linked to multiple projects, enabling phrase reuse.
• Changes take effect immediately without restarting the project or refreshing the page.
• Modifying phrase content does not require re-linking the group; changes apply automatically.

Common Scenarios and Precautions for Project Linking

Scenario 1: Differentiate by Project Type

• Customer service projects (e.g., user inquiries): Link the 金融敏感词 group with “Pop-up Confirmation”.
• Marketing projects (e.g., bulk messaging): Link the 内部代号 group with “Block Sending”.

Scenario 2: Web3 Exchange

• Main project: Link both Web3 地址 and 金融敏感词 groups; set the former to “Block Sending” and the latter to “Pop-up Confirmation”.
• Sub-projects (e.g., VIP support): additionally link the 内部政策 group with “Block Sending”.

Precautions:

• Avoid False Positives: Do not link groups containing everyday high-frequency words (e.g., “price”, “payment”) to regular customer service projects; otherwise, even messages like “What is this price?” will trigger pop-ups, reducing efficiency.
• Test First: Before going live, create a test project, link a group, and have agents send mock messages to verify the hit logic is accurate.
• Group Decoupling: If a group is no longer applicable, you can unlink it at any time without affecting other projects.

---

Step 4: View Trigger Logs and Audit Trails

Every trigger of content control is recorded for compliance checks and internal investigations.

How to View

1. Go to “Internal Controls” → “Trigger Logs”.
2. Filter by time range, agent, conversation, risk phrase, or project.
3. Each record includes: trigger time, agent name, conversation, hit risk phrase, detection action (Pop-up Confirmation or Block Sending).

Log Differentiation:

• Pop-up Confirmation: After the agent clicks “Confirm Send”, the message is sent; the log records it as “Allowed”.
• Block Sending: The message is not sent; the log records it as “Blocked”.

Audit Value:

• Regularly export trigger logs to analyze frequently hit risk phrases and decide whether to adjust phrases or detection actions.
• If a compliance incident occurs, logs help quickly identify the involved agent, conversation content, and risk phrases.
• Combined with user profiles (Pro version), you can trace whether a user is high-risk to aid decision-making.

---

Content Control Best Practices and Common Mistakes

Best Practices

1. Start with a Small Set of High-Precision Phrases
   First configure 5-10 core sensitive words (e.g., payment addresses, internal codenames), run for a week, then optimize based on trigger logs. Avoid adding many vague phrases initially to prevent frequent pop-ups that hinder agent efficiency.

2. Regularly Audit Trigger Logs
   Check trigger logs at least once a month to identify:

   • Which risk phrases are hit most frequently → Need to adjust matching patterns?
   • Which agents trigger the most → Need training or permission adjustments?
   • Any false positives → Need to remove or modify phrases?

3. Distinguish Between “Pop-up Confirmation” and “Block Sending” Scenarios

   • Pop-up Confirmation: Suitable for daily high-frequency words that need a reminder (e.g., “price”, “payment”, “transfer”). Agents can still send after confirmation, without affecting normal business.
   • Block Sending: Suitable for absolutely prohibited words (e.g., specific payment addresses, unreleased product names, internal policy links). Agents cannot bypass; they must contact an admin to modify.

4. Web3 Teams Must Configure Wallet Address Monitoring
   This is one of TG-Staff content control’s most unique features. Even if your team has not had incidents, configuring it in advance prevents future risks. Use address fragments with wildcards to cover major chains (TRC20, ERC20, BTC, BEP20, etc.).

Common Misconceptions

• Misconception 1: Content moderation monitors user messages
  Fact: Only outbound messages from agents are monitored. To filter user messages, you need to implement it on the Bot side or within the workflow.

• Misconception 2: After configuration, agents cannot send any sensitive words
  Fact: It depends on the detection action. If set to “Double Check”, agents can still send after confirmation; if set to “Block Sending”, the message cannot be sent.

• Misconception 3: A project can only be associated with one group
  Fact: Many-to-many relationships are supported. A project can be associated with multiple groups, and a group can be associated with multiple projects.

• Misconception 4: After modifying a word list, the project needs to be re-associated
  Fact: Modifications to word list content take effect immediately, no need to re-associate groups or projects.

---

Frequently Asked Questions

Q: Does content moderation support monitoring messages sent by users?
A: No. TG-Staff’s content moderation only monitors outbound messages sent by agents (customer service), not inbound messages sent by Telegram users. To filter user messages, you need to implement it on the Bot side or within the workflow.

Q: What matching modes does the risk word list support?
A: It supports exact match, wildcard match (e.g., *敏感词*), and regex match. For wallet addresses, it’s recommended to use fragment match (e.g., T9yD14NZ) to avoid false negatives due to chain address variants.

Q: After configuring risk word lists, what happens when an agent sends a message?
A: The message is checked before sending. If a risk word is hit, based on backend settings, the agent will see a pop-up for double confirmation (can still send) or the message will be directly blocked (cannot send). Both behaviors are configurable.

Q: Can a project be associated with multiple risk groups?
A: Yes. A project can be associated with multiple risk groups, and a risk group can be associated with multiple projects. Groups and projects have a many-to-many relationship for flexible combinations.

Q: Does content moderation affect message sending performance?
A: No. Detection is completed in milliseconds in the background, imperceptible to agents. TG-Staff Pro is optimized for high-frequency scenarios without adding message latency.

---

Mastering TG-Staff content moderation configuration is like installing an intelligent security lock for your Telegram customer service team. From risk word lists to group management and project association, every step serves one goal: prevent sensitive information leakage without affecting agent efficiency.

Go to app.tg-staff.com now to register for a free trial (3-day Pro experience) and test the content moderation configuration process. For in-depth reference, check the official documentation; if you encounter issues during configuration, contact @tgstaff_robot for help.