Telegram MTPROTO CLI

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed, read-only Telegram CLI integration, with sensitive credential and session handling that users should protect carefully.

Install only if you are comfortable giving this CLI access to your Telegram account, local Telegram session database, and system keychain entries. Keep the session directory private, do not share session files, and use it only on a machine where you trust the local agent/runtime with Telegram message access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Credential Access

High
Category
Privilege Escalation
Content
filesystem:
    - read/write: ~/.tg-mtproto-cli/sessions/*.session (SQLite auth sessions)
    - write: media files to --out dir or cwd (tg download only)
  keychain: read/write account metadata and API credentials
  shell: false
  browser: false
---
Confidence
72% confidence
Finding
keychain

Credential Access

High
Category
Privilege Escalation
Content
|---|---|---|
| Network | Outbound TCP to Telegram DC servers | MTProto protocol, required for all commands |
| Session files | Read/write `~/.tg-mtproto-cli/sessions/*.session` | SQLite databases with auth keys; created by `tg auth` |
| System keychain | Read/write | Stores `api_id`, `api_hash`, account metadata, default account |
| Filesystem | Write (only `tg download`) | Saves media to `--out` dir or current directory |

## Guardrails
Confidence
74% confidence
Finding
keychain

Session Persistence

Medium
Category
Rogue Agent
Content
| Resource | Access | Details |
|---|---|---|
| Network | Outbound TCP to Telegram DC servers | MTProto protocol, required for all commands |
| Session files | Read/write `~/.tg-mtproto-cli/sessions/*.session` | SQLite databases with auth keys; created by `tg auth` |
| System keychain | Read/write | Stores `api_id`, `api_hash`, account metadata, default account |
| Filesystem | Write (only `tg download`) | Saves media to `--out` dir or current directory |
Confidence
80% confidence
Finding
write `~/.tg-mtproto-cli

VirusTotal

64/64 vendors flagged this skill as clean.
