News Telegram Push
Security checks across malware telemetry and agentic risk
Overview
This skill is a plain instruction-only news curation helper, but it asks an agent to post to Telegram twice daily without defining recipient, approval, credentials, or stop controls.
Install only if you will configure a dedicated Telegram bot limited to the intended chat or channel, require preview or explicit opt-in for scheduled sends, and have a clear way to pause or stop posts. Do not grant purchase, trading, payment, or broad account permissions; this skill only needs news browsing plus tightly scoped Telegram posting.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.