Back to skill

Security audit

Cross Bot Communication

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it should be reviewed because it automatically maps Telegram group/channel relationships and can relay messages without clear user controls.

Review before installing. Use a dedicated low-privilege Telegram bot token, restrict scans to specific groups/channels you approve, require a visible preview and confirmation before messages are sent, and ensure any relationship table can be reviewed and deleted. Avoid granting admin rights unless necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly describes automatic scanning of existing groups/channels and construction of a relationship table, but does not disclose privacy implications, consent expectations, retention, or access controls for the collected social-graph data. In a messaging/agent context, silently enumerating memberships and persisting owner/bot/group mappings can expose sensitive relationship metadata and create unauthorized surveillance concerns.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Presenting the skill as 'zero-configuration' and 'automatic' downplays that it may auto-bind identities and persist relationship data derived from user/group context. That framing increases the chance that operators enable behavior without understanding that social-context metadata is being inferred and stored, which can lead to privacy violations or unexpected state changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly describes automatic scanning of existing groups and channels to build a social relationship map, but it provides no user-facing notice, consent step, scope limitation, or retention policy. In an agent context, this can expose membership and relationship metadata without informed user approval, creating privacy and data-minimization risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes sending messages to a target bot through subagents but does not warn that user content or metadata may be transmitted to third-party bots or channels. This creates a real outbound disclosure risk because users may not realize their requests are being relayed externally, potentially exposing sensitive information or identities.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.