Tgsearch Telethon

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to be a Telegram search wrapper, but it relies on an unreviewed local executable and an existing authorized Telegram session that are not clearly scoped in the artifacts.

Review or control the /usr/local/bin/tg_search executable before installing, and avoid using a personal Telegram session unless you understand exactly which account and session file the helper will use.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If that local executable is missing, modified, or more privileged than described, the agent could run unreviewed code under the user's environment.

Why it was flagged

The package delegates its core behavior to an absolute-path local executable that is not included in the manifest and is not declared in the install requirements, so the reviewed artifacts do not show what code will access Telegram or the local session.

Skill content

subprocess.run(["/usr/local/bin/tg_search", query, limit], capture_output=True, text=True)

Recommendation

Only use this skill if you control and have reviewed /usr/local/bin/tg_search; the skill should include or pin the helper source and declare it as a required binary.

What this means

Searches may be performed through an existing Telegram account, and the account/session scope is unclear from the reviewed artifacts.

Why it was flagged

The skill depends on a logged-in Telegram/Telethon session, but the artifacts do not specify which account or session path is used, and the registry requirements declare no credential or config path.

Skill content

using an already-authorized Telethon session on this VPS

Recommendation

Use a dedicated low-privilege Telegram session for this skill and require the package to declare the session/config path and expected account permissions.

What this means

A caller could request larger searches unless the unreviewed helper enforces the documented cap.

Why it was flagged

The wrapper accepts the caller-provided limit and forwards it to the helper; the documented maximum of 50 is not enforced in reviewed code.

Skill content

limit = sys.argv[2] if len(sys.argv) >= 3 else "10"

Recommendation

Enforce the documented maximum in the reviewed wrapper before calling the helper.