ClawHub

Telegram Bot API

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Telegram Bot API reference skill, but users should treat bot tokens and bot-sent data as sensitive.

Install this only for Telegram bot development. Prefer test bots first, avoid saving production bot tokens in plaintext markdown, keep ~/telegram-bot-api/ private, rotate a token if it is exposed, and explicitly review commands that send media, change webhooks, delete messages, ban users, request contact/location data, or use drop_pending_updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The template explicitly instructs storing a live Telegram bot token in a local markdown file, which is an unsafe secret-handling pattern because markdown files are commonly indexed, synced, committed, and read by tools outside the intended trust boundary. A bot token is effectively a bearer credential for full bot control, so exposure can let an attacker send messages, modify webhook settings, or impersonate the bot.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The examples include buttons that request sensitive data such as phone numbers and location, but provide no warning about consent, data minimization, or secure handling. In a bot-development skill, this can normalize collecting personal data without adequate privacy safeguards, increasing the chance that downstream users implement intrusive or noncompliant flows.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The template normalizes plaintext secret storage without any warning, masking the sensitivity of the bot token and increasing the likelihood that users will paste production credentials into a casually handled file. In the context of an agent skill, this is especially risky because memory files may be reused, surfaced to other tools, backed up, or included in prompts, turning a local documentation choice into credential exposure.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation guidance is overly broad because it suggests the skill should engage whenever Telegram bots are mentioned, which can cause the assistant to invoke the skill in contexts where it is not necessary or appropriate. While not directly enabling code execution or exfiltration, broad auto-invocation increases the chance that token-handling and persistence behaviors are triggered in unrelated conversations.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill tells the assistant to store a bot token locally after permission, but it does not clearly warn that the token is a sensitive secret that grants control over the bot and must be protected like a password. In this context, local persistence materially increases risk because the token may be exposed through later prompts, filesystem access, backups, logs, or other skills reading from the same directory.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The webhook setup example includes the bot token in the public webhook URL path (`/webhook/${TOKEN}`). Putting secrets in URLs risks leakage through reverse-proxy logs, browser/history tooling, monitoring systems, and accidental sharing, which can expose the bot token and enable full bot compromise.

Ssd 3

Medium
Confidence
98% confidence
Finding
Directing the assistant to retain a user-provided bot token in a markdown file creates a secret-retention vulnerability: the credential remains available for unintended disclosure long after the original interaction. Because Telegram bot tokens enable API access and bot impersonation, compromise of the local file can let an attacker send messages, alter bot behavior, or abuse connected integrations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal