ClawHub

telegram-voice-mode

Security checks across malware telemetry and agentic risk

Overview

This voice-reply skill does what it describes, but one sender script can send generated voice messages to a hard-coded Telegram account when no recipient is supplied.

Review before installing. Use this only after removing or replacing the hard-coded Telegram recipient, requiring an explicit destination, and confirming that voice replies should be sent through your messaging account. Avoid using it with sensitive conversations until recipient selection and confirmation are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The script hard-codes a default Telegram recipient ID, so invoking it without an explicit target will transmit generated voice content to a specific third party. In an agent skill context, this creates an unintended data-exfiltration path because arbitrary reply content may be sent off-device without user approval, which is more dangerous than a normal CLI default.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The description does not warn that replies may be transformed into audio and transmitted via external messaging channels instead of remaining plain text in the current interface. In this context, that omission can cause privacy and operational issues because users may not realize their content is being processed by external tools and delivered through separate channels with different retention, logging, or recipient semantics.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script sends generated audio to Telegram using a default recipient without any confirmation, making accidental or silent transmission easy. In a voice-reply skill, content may contain sensitive conversation data, so automatic outbound delivery to a fixed ID materially increases the risk of privacy loss and unauthorized disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal