Back to skill

Security audit

Telegram CLI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Telegram CLI skill, but it can access private Telegram data and send messages from the authenticated account.

Install only if you trust the @cyberdrk/tg package or have reviewed its source. Authenticate only the Telegram account you intend to expose, confirm recipients and text before sending or replying, and avoid broad search or sync commands for sensitive chats unless you are comfortable with local copies of that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes syncing Telegram chats to local markdown files but does not warn that this may persist sensitive personal, group, or confidential business messages to disk. In an AI-agent context, local exports can broaden exposure through backups, indexing, accidental commits, or other tools reading those files, increasing the chance of unintended disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly supports sending Telegram messages to users and groups but does not warn that provided content will be transmitted to external recipients over Telegram. This can cause unintended disclosure if a user assumes the tool is only formatting or previewing content locally, especially in an agent setting where prompts may contain sensitive data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The authentication instructions tell users to obtain Telegram API credentials and establish a session, but they provide no guidance on protecting API keys, session files, or local token storage. Exposure of these secrets could allow account access, message retrieval, or message sending through the user's Telegram identity.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The read/search/contact/member/admin commands can expose private messages, contact details, and group membership data, yet the skill does not warn about privacy sensitivity or downstream handling of retrieved data. In an agent workflow, such output may be copied into prompts, logs, or other tools, increasing the chance of unintended disclosure.

Session Persistence

Medium
Category
Rogue Agent
Content
First, get your API credentials:
1. Go to https://my.telegram.org/apps
2. Log in with your phone number
3. Create a new application
4. Copy the `api_id` and `api_hash`

Then authenticate:
Confidence
68% confidence
Finding
Create a new application 4. Copy the `api_id` and `api_hash` Then authenticate: ```bash tg auth ``` ## Commands ### Auth & Status ```bash tg whoami # Show logged-in a

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.