Security audit

Custom Telegram Bot

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent Telegram integration, but users should understand that messages and attachments may pass through AgentPMT and optional file ingestion can persist copies.

Install only if you are comfortable routing Telegram content through AgentPMT and Telegram. Use attachment ingestion only for files you are allowed to store, and be cautious with mark-as-read behavior because it can change what later polling sees as unread.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly supports sending and receiving Telegram messages and media through AgentPMT-hosted remote calls, plus optional ingestion of inbound media into a File Manager, but it does not prominently warn users that third-party message content and files will be transmitted to external services and may be stored. This can lead to unintended disclosure of sensitive customer conversations, documents, or images because users may invoke the skill without understanding the data-flow and retention implications.

Missing User Warnings

Medium
Confidence: 92%
Finding
The schema explicitly offers ingestion of Telegram photo/document content into AgentPMT File Manager, but it does not clearly warn that enabling this copies potentially sensitive user-supplied content into another storage system with its own retention lifecycle. In a two-way customer-support bot context, this can lead operators or downstream agents to ingest personal or confidential customer data without informed consent or understanding of persistence and exposure implications.

Missing User Warnings

Medium
Confidence: 90%
Finding
The `mark_as_read` parameter changes persisted bot cursor state, which can suppress future visibility of unread updates, yet the schema does not prominently warn about this side effect. In a messaging workflow, an agent could inadvertently acknowledge messages as read during polling and cause customer messages to be skipped or hidden from later processing, creating integrity and availability issues for support operations.

VirusTotal

62/62 vendors flagged this skill as clean.
