Back to skill

Security audit

Telegram Agent Setup V101

Security checks across malware telemetry and agentic risk

Overview

The inspected artifacts look like disclosed, repo-maintainer guidance and tools rather than hidden or destructive skill behavior.

Install or use this only in a trusted ClawHub/Convex maintenance context. Review commands before approving moderation, GitHub publishing, or full-access review runs, and use least-privilege tokens for GitHub, Convex, and any external reviewer tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.