Back to skill

Security audit

Telegram Group Chat Setup

Security checks across malware telemetry and agentic risk

Overview

This skill performs the Telegram group setup it describes, but it handles a bot token and makes persistent gateway changes that users should review before running.

Install only if you intend to connect this MoltBot to a Telegram group. Verify the group ID, allowed users, and gateway patch before applying it; protect the bot token from logs or screenshots; and make sure group participants understand that turning Telegram privacy mode off allows the bot to receive group messages even though responses are mention-gated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs use of shell execution (`bash skills/groupchat-setup/scripts/detect_bot_info.sh`) but does not declare permissions for that capability. Undeclared execution capability weakens review and least-privilege controls, making it easier for a skill to run local commands without explicit operator awareness.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior includes reading the local gateway config to obtain a Telegram bot token and sending it to an external API, while the skill is presented primarily as a configuration helper. This mismatch is dangerous because reviewers or users may authorize a seemingly routine config change without realizing it accesses secrets and performs outbound network activity.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guidance explicitly recommends turning Telegram privacy mode OFF, which causes the bot to receive all group messages, including content not directed at it. Although the document later notes this behavior, it frames the change as the preferred setup without a clear privacy warning, consent guidance, or data-handling caveats, creating a real privacy and data-exposure risk for group participants.

External Transmission

Medium
Category
Data Exfiltration
Content
This reads the bot token from the gateway config and returns the bot's `name` and `username`.
If the script is unavailable, extract the bot token from `channels.telegram.botToken` in the
gateway config and call `https://api.telegram.org/bot<TOKEN>/getMe`.

### Step 2: Build mention patterns
Confidence
92% confidence
Finding
https://api.telegram.org/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.