Back to skill

Security audit

Telegram History via LifeQuery

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can search sensitive Telegram history through a configurable LifeQuery server without enough privacy and endpoint guardrails.

Install only if you control and trust the LifeQuery endpoint. Prefer localhost, use HTTPS and authentication for any remote server, avoid setting LIFEQUERY_API_KEY for an untrusted URL, and treat every query/result as private Telegram data that may be logged by the configured LifeQuery service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'req' from os.environ.get (line 43, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
method="POST"
        )
        
        with urllib.request.urlopen(req) as response:
            result = json.loads(response.read().decode("utf-8"))
        
        # Print the text answer (which LifeQuery automatically grounds with citations)
Confidence
95% confidence
Finding
with urllib.request.urlopen(req) as response:

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares use of environment variables and network access but does not declare corresponding permissions, which weakens transparency and permission enforcement. In this context, the skill sends user queries and potentially retrieved Telegram-derived content to an external LifeQuery service, so undeclared capabilities increase the risk of unintended data exposure and make review harder.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill does not provide a clear user-facing warning that Telegram chat history content will be transmitted to a LifeQuery service for processing. Because chat history can contain sensitive personal data, links, files, and information about third parties, lack of disclosure undermines informed consent and can lead to privacy breaches, especially if the LifeQuery instance is remote or externally hosted.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly grants access to the user's entire Telegram chat history and states that queries may be handled by a local or remote LifeQuery instance, but it provides no warning, consent flow, or disclosure about the sensitivity of the data or the possibility of transmitting it off-device. This creates a real privacy and data-exposure risk because users may invoke the skill without understanding that highly sensitive personal communications could be searched and potentially sent to another service.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.