openclaw-chat-with-friends-zh

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Telegram setup guide for OpenClaw bot chats, but users should treat the privacy-mode and third-party bot steps carefully.

Install only if you understand that the setup lets the selected Telegram bots read channel messages. Use a dedicated private channel, get consent from all participants, grant only the minimum admin permissions needed, avoid forwarding sensitive messages to third-party ID-helper bots, and remove the AGENTS.md rules when you no longer want this behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill explicitly instructs users to disable Telegram bot privacy mode so bots can read all channel messages. Even if this is framed as necessary for cross-bot conversation, it expands message visibility and creates a broader surveillance capability than many users may expect, especially because the document does not adequately warn about privacy consequences or data handling.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger description is very broad and overlaps with generic social or help-seeking language, which can cause the skill to activate outside the user's actual intent. Mis-triggering is risky here because the skill contains guidance to weaken privacy settings and modify bot/channel permissions, so accidental invocation can lead users into unnecessary sensitive configuration steps.

Missing User Warnings

Medium
Confidence: 96%
Finding
The document tells users to disable privacy mode and let bots read all channel messages, but it does not provide a clear warning that this increases message visibility and may expose participant content to automated processing. In context, this omission is security-relevant because the skill normalizes broad access without informed consent or guardrails.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill recommends forwarding channel messages to third-party bots such as @userinfobot or @getidsbot to obtain the Chat ID, but it does not warn that doing so may disclose channel metadata or content to an unrelated external service. This introduces avoidable third-party data exposure, especially for private channels.

VirusTotal

62/62 vendors flagged this skill as clean.
