Back to skill

Security audit

Telegram Agent Memory

Security checks across malware telemetry and agentic risk

Overview

This Telegram memory skill appears useful, but it handles private chat/channel data and persistent API keys with incomplete consent and privacy disclosure.

Review before installing. Only use it for Telegram sources you are authorized to sync, assume connected channel/chat content may be processed by a third-party service, and avoid pasting API keys into chat unless you understand where they will be stored and how to remove them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The skill is presented as a Telegram memory/search capability, but it also includes an operation to add new Telegram channels as data sources. That expands the data-access scope beyond passive querying and can cause users or agents to onboard additional channels without a clear consent boundary or prominent privacy warning.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to write a user-provided API key into a persistent local config file, which creates a secret-handling risk and expands exposure if the machine or config is later accessed by other tools or users. Persisting credentials is security-sensitive and should not be done implicitly as part of ordinary skill usage without explicit consent and safer secret storage.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger condition is broad enough to activate on almost any mention of Telegram memory, channels, or the skill, even when the user may only be asking a general question. That increases the chance the agent will steer users into setup, key collection, or external-service use without clear intent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The description does not clearly warn that Telegram conversation data is processed by an external service and may involve syncing channel content off-platform. For a tool handling potentially sensitive conversations, missing upfront disclosure materially weakens informed consent and increases privacy risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.