Security audit
Telegram Agent Setup V101
Security checks across malware telemetry and agentic risk
Overview
The inspected artifacts look like disclosed, repo-maintainer guidance and tools rather than hidden or destructive skill behavior.
Install or use this only in a trusted ClawHub/Convex maintenance context. Review commands before approving moderation, GitHub publishing, or full-access review runs, and use least-privilege tokens for GitHub, Convex, and any external reviewer tools.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
