Skill v0.1.4
ClawScan security
Telegram MTPROTO CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 23, 2026, 1:07 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (a read-only Telegram MTProto CLI); the only notable risk is the normal trust required to install an npm package and to manage Telegram credentials/sessions locally.
- Guidance: This skill appears to do what it says: it uses an npm-published CLI for read-only access to Telegram via MTProto. Before installing, verify the npm package and GitHub repo (maintainer reputation, recent commits, issues), be aware that 'npm install -g' runs third-party code, and only enter your Telegram api_id/api_hash and phone OTP interactively when you trust the environment. Protect the session files (~/.tg-mtproto-cli/sessions/) and the system keychain entries; consider using an account with limited access if you want to reduce risk. If you are uncomfortable installing global npm packages or allowing the agent to run installed CLIs autonomously, do not install it, or restrict agent invocation.
Review Dimensions
- Purpose & Capability (ok): Name/description, required credentials (api_id/api_hash, phone/OTP), and runtime filesystem/network access (session files, media downloads, outbound TCP to Telegram DCs) all align with a read-only MTProto CLI. No unrelated credentials, binaries, or paths are requested.
- Instruction Scope (ok): SKILL.md instructs only how to install and use the 'tg' CLI and how to authenticate interactively. It does not ask the agent to read unrelated files, exfiltrate data to third parties, or perform write operations on Telegram. It explicitly warns about sensitive session files and not logging credentials.
- Install Mechanism (note): Install is an npm global package (npm install -g tg-mtproto-cli) with a GitHub repo listed; this is expected for a CLI published on npm but is a moderate-risk install vector because npm package installs run third-party code. No arbitrary URL downloads or extract steps are present.
- Credentials (ok): Requested credentials are limited to Telegram API credentials and phone/OTP (interactive). Storage in the system keychain and session files is appropriate for the stated functionality. No unrelated environment variables or secrets are requested.
- Persistence & Privilege (ok): The skill is instruction-only and not always:true; it does not request persistent system-wide privileges or modify other skills. The default platform ability for agents to invoke skills autonomously remains in place, which is normal and not a concern given the other checks.
