Back to skill

Security audit

Telegram Replies

Security checks across malware telemetry and agentic risk

Overview

This skill is a Telegram ghostwriting helper, but it explicitly normalizes undisclosed AI-authored personal messages and guidance for avoiding Telegram anti-spam restrictions.

Install only if you are comfortable with an agent drafting or sending Telegram messages under a real person’s identity. Use it only for authorized, human-reviewed replies, avoid unsolicited cold outreach, disclose AI involvement where appropriate, and do not use the anti-spam guidance to bypass Telegram limits or recipient privacy settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The skill explicitly instructs the agent to impersonate a real person and hide AI involvement unless asked, which is deceptive by design. In a direct-messaging context, this increases the risk of social engineering, unauthorized impersonation, and misleading recipients into trusting AI-generated outreach as authentic human communication.

Vague Triggers

Low
Confidence
88% confidence
Finding
The evaluation prompts are broad and lack explicit activation boundaries, safety constraints, or exclusion conditions, so a downstream agent could generalize the skill into broader unsolicited messaging behavior than intended. In this skill’s context, that risk is elevated because the prompts explicitly cover private outreach and wording variation to avoid Telegram spam and privacy restrictions, which can normalize evasive or policy-unsafe behavior.

Ssd 4

High
Confidence
98% confidence
Finding
This section teaches the agent how to adapt message timing, wording, batching, and retry behavior to avoid Telegram anti-spam detection and account restrictions. Guidance focused on evading platform safeguards materially enables spam, abusive outreach, and circumvention of trust-and-safety controls protecting users and the platform.

Ssd 4

High
Confidence
99% confidence
Finding
The skill instructs the model to ghostwrite as a real person and not reveal AI authorship, directly enabling impersonation in private communications. In the context of outbound Telegram DMs, this is especially dangerous because it can be used for fraud, manipulation, phishing pretexting, or reputational harm under another person's identity.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.