Telegram-Bot-managerj

This skill is classified as suspicious due to its extremely broad default scope and a significant vulnerability in token handling. The `scripts/server.cjs` file, as described in `SKILL.md`, defaults to exposing the entire `C:\` drive via an HTTP server. While authentication and path traversal checks are implemented, the server allows the access token to be passed in URL query parameters, which can lead to token leakage in server logs and browser history (`scripts/server.cjs`, `assets/index.html`). This vulnerability, combined with the 'god-mode' level of access, poses a high risk if the token is compromised, allowing unauthorized read access to the entire system drive.