ClawHub

openclaw-chat-with-friends-cn

Security checks across malware telemetry and agentic risk

Overview

This is a transparent setup guide for Telegram-based OpenClaw bot conversations, with privacy-sensitive but purpose-aligned steps users should handle carefully.

Install only if you are comfortable giving the involved Telegram bots visibility into the dedicated channel. Use a private channel with consenting participants, grant the minimum Telegram permissions needed, avoid sensitive conversations there, use non-sensitive test messages if relying on third-party Chat ID bots, and remove stale AGENTS.md channel details or bot admin permissions when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs users to disable Telegram bot privacy mode so bots can read all channel messages, which expands message visibility beyond targeted bot interactions to full-channel monitoring. In this context the access is functionally related to multi-bot chatting, but the skill does not clearly warn users that all channel content becomes readable to the bot, creating an avoidable privacy and data-minimization risk.

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
The skill tells users to persist channel IDs, participant names, and behavioral rules into AGENTS.md so they are automatically loaded in future sessions. While this supports the feature, it creates local persistence of chat metadata and configuration that may be exposed to other tools, backups, or users on the host system without any warning or storage guidance.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Disabling Telegram bot privacy mode allows the bot to access all channel messages, but the skill presents this as a setup necessity without an explicit privacy notice or informed-consent step. Users may enable broad visibility without understanding that unrelated or sensitive channel content will also become available to the bot.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill recommends forwarding channel messages to third-party Telegram bots such as @userinfobot or @getidsbot to obtain a Chat ID. This unnecessarily discloses channel metadata and possibly message content to external services outside the user's control, with no warning about trust, retention, or privacy implications.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The skill instructs users to store channel identifiers, bot names, and interaction rules in AGENTS.md without warning that this creates durable local metadata about the channel and participants. Although lower impact than message exposure, this still increases privacy and operational risk if the file is synced, shared, or accessed by others.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill explicitly directs persistence of user- and channel-specific details in AGENTS.md so they are automatically loaded into future sessions. That creates cross-session retention of contextual data, which can broaden exposure, cause unintended reuse in other contexts, and make sensitive operational details available longer than users expect.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal