Back to skill

Security audit

Telegraph Protocol

Security checks across malware telemetry and agentic risk

Overview

The skill clearly discloses that it routes AI requests through Telegraph and may spend USDC, but its broad activation scope plus automatic wallet-backed payments warrant user review.

Install only if you intentionally want Telegraph-routed inference and are comfortable funding a burner wallet. Configure the wallet with a small balance, avoid using a main private key, and require your agent or MCP setup to ask before paid calls whenever possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The activation description is broad enough to match common user requests such as weather, summaries, embeddings, image generation, and general LLM completions, which can cause the skill to activate in many ordinary conversations. In this skill's context, over-activation is especially risky because activation can lead to use of paid external tools and routing of user data to third-party network services without a narrowly scoped trigger or explicit user confirmation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill states that paid inference calls automatically complete x402 USDC payments and that the agent never sees the payment step, but the invocation examples for common natural-language queries do not place a prominent warning or consent checkpoint near use. This creates a real risk that ordinary user requests will silently trigger wallet-backed micropayments and transmit prompts to external providers, especially given the broad activation scope.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.