ClawHub

Channel Reminders

Security checks across malware telemetry and agentic risk

Overview

This reminder skill has a legitimate purpose, but it gives persistent automation broad Telegram message-sending authority without enough recipient, account, or event-origin controls.

Install only if you are comfortable with persistent scheduled jobs and Telegram sends from configured bot accounts. Use verified recipient chat IDs, keep bot tokens out of logs and memory, restrict allowed accountId and target values, confirm reminders before creation, and periodically remove old cron jobs, HEARTBEAT rules, and stored chat IDs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the operator to record and persist a user's Telegram Chat ID in memory for future use. A chat ID is a user-specific identifier, and storing it beyond the immediate reminder workflow expands data retention and messaging capability without any consent, minimization, or privacy guidance.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The documentation tells users how to query the Telegram Bot API to retrieve chat identifiers, which introduces a broader data-access capability than simple reminder scheduling. This encourages use of bot tokens and message metadata access without constraining scope or explaining the security implications.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill recommends storing a user's Telegram Chat ID in memory but provides no privacy notice, consent model, retention policy, or handling expectations for personally identifying messaging metadata. That omission increases the chance of silent collection and reuse of user identifiers beyond the immediate task.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The instructions describe obtaining chat IDs via the Telegram Bot API but omit any warning that this requires bot token handling and access to message metadata. That can normalize unsafe token usage and unnecessary data collection by operators or downstream agents.

Ssd 3

Medium
Confidence
96% confidence
Finding
Persisting and reusing a Telegram Chat ID enables later unsolicited or unintended messaging and increases the amount of user-linked data retained by the system. In this skill, that identifier is later used as a routing target, so storing it in memory materially expands the skill's ability to contact users outside the immediate interaction.

Ssd 3

High
Confidence
98% confidence
Finding
The skill instructs the main agent to parse target and message fields from free-form systemEvent text and forward them directly through the Telegram message tool. This creates an injection-style forwarding path where any actor able to create or influence scheduled events can cause arbitrary outbound messages to arbitrary targets, effectively turning the main agent into a message relay.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal