ClawHub

Telegram Notifier

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Telegram notification skill, but users should avoid sending secrets or private reports through it unintentionally.

Install only if you want agent-generated content sent to the configured Telegram chat. Use a dedicated bot and chat, keep the bot token secret, review or redact sensitive reports before sending, and add the cron example only if recurring notifications are intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The description is broad enough that an agent could invoke this skill for many kinds of reports, alerts, or messages without an explicit user confirmation step. In a system where agents may handle sensitive data, broad activation language increases the chance of unintended exfiltration to Telegram.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill description advertises sending reports and alerts to Telegram but does not prominently warn that message contents leave the local environment and are transmitted to a third-party service. This omission can cause users or agents to send sensitive findings, credentials, incident details, or regulated data off-platform without informed consent.

External Transmission

Medium
Category
Data Exfiltration
Content
```python
import os, requests

requests.post(
    f"https://api.telegram.org/bot{os.environ['TELEGRAM_BOT_TOKEN']}/sendMessage",
    json={
        "chat_id": os.environ['TELEGRAM_CHAT_ID'],
Confidence
93% confidence
Finding
requests.post( f"https://api.telegram.org/bot{os.environ['TELEGRAM_BOT_TOKEN']}/sendMessage", json=

External Transmission

Medium
Category
Data Exfiltration
Content
def send_telegram(text: str, parse_mode: str = "Markdown") -> bool:
    """Send a message to Telegram. Returns True on success."""
    r = requests.post(
        f"https://api.telegram.org/bot{os.environ['TELEGRAM_BOT_TOKEN']}/sendMessage",
        json={
            "chat_id": os.environ['TELEGRAM_CHAT_ID'],
Confidence
93% confidence
Finding
requests.post( f"https://api.telegram.org/bot{os.environ['TELEGRAM_BOT_TOKEN']}/sendMessage", json=

External Transmission

Medium
Category
Data Exfiltration
Content
return {"ok": False, "error": "TELEGRAM_BOT_TOKEN or TELEGRAM_CHAT_ID not set"}

    try:
        r = requests.post(
            f"https://api.telegram.org/bot{token}/sendMessage",
            json={"chat_id": chat_id, "text": text[:4096]},  # Telegram limit: 4096 chars
            timeout=10,
Confidence
91% confidence
Finding
requests.post( f"https://api.telegram.org/bot{token}/sendMessage", json=

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal