Telegram Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Telegram sales playbook; its CRM and profile-language guidance is purpose-aligned but needs privacy and consent guardrails if implemented.

Install as a template, not a turnkey compliant bot. Before connecting it to Telegram or a CRM, add a privacy notice, get appropriate consent for CRM storage and outreach, let users change language preference, keep bot tokens secret, restrict admin commands, and define retention/deletion rules for lead data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs the bot to create and query CRM records tied to a Telegram user without any notice, consent flow, or explanation of what data is stored and why. This creates a privacy risk because users may unknowingly have their identity, interests, and sales-stage data profiled and retained, which can violate data protection expectations or legal requirements.

Missing User Warnings

Low
Confidence: 88%
Finding
Automatically inferring language from the user's Telegram profile processes profile-derived personal data without informing the user. While lower severity than CRM profiling, it still creates an avoidable privacy issue and can surprise users or mishandle sensitive locale inferences.

Natural-Language Policy Violations

Medium
Confidence: 85%
Finding
The flow says to detect language from the Telegram profile and proceed, which removes user choice and may lead to incorrect assumptions about preferred language. In a sales context, forced language handling can cause miscommunication, improper profiling, and poor consent posture when combined with CRM storage and market segmentation.

VirusTotal

60/60 vendors flagged this skill as clean.
