diff --git a/.github/workflows/npm-telegram-beta-e2e.yml b/.github/workflows/npm-telegram-beta-e2e.yml
index 3d500a72803..bb6340da6ef 100644
--- a/.github/workflows/npm-telegram-beta-e2e.yml
+++ b/.github/workflows/npm-telegram-beta-e2e.yml
@@ -59,12 +59,19 @@ jobs:
           PACKAGE_SPEC: ${{ inputs.package_spec }}
         run: echo "Approved npm Telegram beta E2E for ${PACKAGE_SPEC}"
 
-  run_npm_telegram_beta_e2e:
-    name: Run published npm Telegram E2E
-    needs: approve_release_manager
+  prepare_docker_e2e_image:
+    name: Prepare Docker E2E image
+    needs: validate_dispatch_ref
     runs-on: blacksmith-32vcpu-ubuntu-2404
-    timeout-minutes: 60
-    environment: qa-live-shared
+    timeout-minutes: 90
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      image: ${{ steps.image.outputs.image }}
+    env:
+      DOCKER_BUILD_SUMMARY: "false"
+      DOCKER_BUILD_RECORD_UPLOAD: "false"
     steps:
       - name: Checkout main
         uses: actions/checkout@v6
@@ -72,6 +79,61 @@ jobs:
           ref: ${{ github.sha }}
           fetch-depth: 1
 
+      - name: Resolve Docker E2E image tag
+        id: image
+        shell: bash
+        env:
+          SELECTED_SHA: ${{ github.sha }}
+        run: |
+          set -euo pipefail
+          repository="${GITHUB_REPOSITORY,,}"
+          image="ghcr.io/${repository}-docker-e2e:${SELECTED_SHA}"
+          echo "image=$image" >> "$GITHUB_OUTPUT"
+          echo "Docker E2E image: \`$image\`" >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Log in to GHCR
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: Build and push Docker E2E image
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+        with:
+          context: .
+          file: ./scripts/e2e/Dockerfile
+          target: build
+          platforms: linux/amd64
+          cache-from: type=gha,scope=docker-e2e
+          cache-to: type=gha,mode=max,scope=docker-e2e
+          tags: ${{ steps.image.outputs.image }}
+          provenance: false
+          push: true
+
+  run_npm_telegram_beta_e2e:
+    name: Run published npm Telegram E2E
+    needs: [approve_release_manager, prepare_docker_e2e_image]
+    runs-on: blacksmith-32vcpu-ubuntu-2404
+    timeout-minutes: 60
+    environment: qa-live-shared
+    permissions:
+      contents: read
+      packages: read
+    steps:
+      - name: Checkout main
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ github.sha }}
+          fetch-depth: 1
+
+      - name: Log in to GHCR
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
       - name: Setup Node environment
         uses: ./.github/actions/setup-node-env
         with:
@@ -114,6 +176,8 @@ jobs:
         shell: bash
         env:
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          OPENCLAW_SKIP_DOCKER_BUILD: "1"
+          OPENCLAW_DOCKER_E2E_IMAGE: ${{ needs.prepare_docker_e2e_image.outputs.image }}
           OPENCLAW_NPM_TELEGRAM_PACKAGE_SPEC: ${{ inputs.package_spec }}
           OPENCLAW_NPM_TELEGRAM_PROVIDER_MODE: ${{ inputs.provider_mode }}
           OPENCLAW_NPM_TELEGRAM_CREDENTIAL_SOURCE: convex
diff --git a/test/scripts/npm-telegram-live.test.ts b/test/scripts/npm-telegram-live.test.ts
index 8509c4e49ca..c1bc82c6eb9 100644
--- a/test/scripts/npm-telegram-live.test.ts
+++ b/test/scripts/npm-telegram-live.test.ts
@@ -46,13 +46,27 @@ describe("npm Telegram live Docker E2E", () => {
 
     expect(workflow).toContain("approve_release_manager:");
     expect(workflow).toContain("environment: npm-release");
-    expect(workflow).toContain("needs: approve_release_manager");
+    expect(workflow).toContain("needs: [approve_release_manager, prepare_docker_e2e_image]");
     expect(workflow).not.toContain('new Set(["admin", "write"])');
     expect(workflow).not.toContain("data.role_name");
     expect(workflow).not.toContain("github.rest.teams.listMembersInOrg");
     expect(workflow).not.toContain("getMembershipForUserInOrg");
   });
 
+  it("prepares and reuses a cached Docker E2E image before approval", () => {
+    const workflow = readFileSync(WORKFLOW_PATH, "utf8");
+
+    expect(workflow).toContain("prepare_docker_e2e_image:");
+    expect(workflow).toContain("docker/build-push-action");
+    expect(workflow).toContain("cache-from: type=gha,scope=docker-e2e");
+    expect(workflow).toContain("cache-to: type=gha,mode=max,scope=docker-e2e");
+    expect(workflow).toContain("needs: [approve_release_manager, prepare_docker_e2e_image]");
+    expect(workflow).toContain('OPENCLAW_SKIP_DOCKER_BUILD: "1"');
+    expect(workflow).toContain(
+      "OPENCLAW_DOCKER_E2E_IMAGE: ${{ needs.prepare_docker_e2e_image.outputs.image }}",
+    );
+  });
+
   it("lets npm-specific credential aliases override shared QA env", () => {
     expect(
       __testing.resolveCredentialSource({