Telegram PDF Scraper

Security checks across malware telemetry and agentic risk

Overview

This Telegram PDF downloader is purpose-aligned, but it needs Review because it keeps a logged-in Telegram browser profile and automatically clicks/downloads files with weaker safety checks than it claims.

Install only if you are comfortable giving it access to a logged-in Telegram Web session. Use it with trusted channels, confirm the selected chat, inspect or scan downloaded files before opening them, and delete or log out of ./openclaw_chrome_profile if you do not want the Telegram session retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The code's 'safety filter' is logically inconsistent: it blocks any href containing 'http://' or 'https://', but then implicitly trusts and clicks any other anchor as an internal Telegram file link. In a hostile or changing Telegram Web DOM, non-HTTP anchors such as javascript:, tg:, blob:, data:, or UI action links could still trigger unintended navigation or downloads, making the safety claim misleading and unsafe.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly states it will create local folders and download PDF files, but the user-facing guidance does not clearly warn that it writes content to disk and organizes files automatically. This can lead to unintended filesystem changes, silent accumulation of untrusted files, and user surprise about what data is being stored locally.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill launches a persistent browser context using a local profile directory, which preserves the user's Telegram authentication session across runs. That creates privacy and account-security risk because the session artifacts remain on disk without clear consent, retention controls, or protection, and could be reused by anyone with local access.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill saves downloaded files to disk automatically based on content discovered in a Telegram channel, but it does not provide an explicit warning, confirmation, or strong provenance checks for what is being written. This can expose users to unwanted storage consumption and accidental saving of untrusted files under misleading filenames.

VirusTotal

67/67 vendors flagged this skill as clean.
