telegram-bot-chat
Security checks across malware telemetry and agentic risk
Overview
The skill’s Telegram bot coordination purpose is clear, but its deployment script would copy every installed skill into every bot workspace, which is broader than needed and could spread unwanted agent behavior.
Review the deployment commands before installing. Do not run the copy loop as written unless you intend to replicate every installed skill to every bot workspace; instead copy only telegram-bot-chat to explicitly chosen bot workspaces. Use dedicated Telegram bot tokens with minimal group permissions, and avoid sending secrets through inter-agent messages or Telegram group chats.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.