Back to skill
Skillv1.0.0
VirusTotal security
Telegram Ops · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:19 AM
- Hash
- cb5080af24128107894790705669d38d8d306b810550fcf5fddd8f8cf630f511
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: telegram-ops Version: 1.0.0 The skill is highly susceptible to prompt injection due to its use of `gateway action=config.patch` in SKILL.md. This command allows the agent to modify its own configuration, specifically the `systemPrompt` for newly created Telegram topics. An attacker could craft a malicious system prompt that, when applied, would instruct the agent operating within that topic to ignore user instructions, exfiltrate data, or perform other unauthorized actions. The skill also advises against restricting skills by default, increasing the potential blast radius of such an attack.
- External report
- View on VirusTotal