Security audit

Tg Notify

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it can use a local Telegram bot token to send user-provided content externally with broad triggers and limited guardrails.

Install only if you want Codex/OpenClaw to send Telegram messages through your configured bot. Before each send, verify the chat ID list and exact message text, and avoid sending credentials, secrets, personal data, or internal-only material unless you explicitly intend to share it over Telegram.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger phrases are broad enough that ordinary conversation like 'notify' or 'send telegram message' could invoke a capability that sends outbound messages. Because this skill performs external communication to arbitrary Telegram IDs, accidental activation could cause unintended disclosure of user content or actions.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill combines credential access from a local secrets file with outbound transmission to a third-party service, but it does not include a clear warning or guardrails about sending sensitive information. Users or downstream agents may treat it as a routine notification utility and unintentionally transmit private data to Telegram.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.