Telegram Direct Send

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill openly helps users send chosen images or files to Telegram, but its credential-handling advice should be used carefully.

Install only if you intentionally want selected files sent directly to Telegram. Use a dedicated bot token, verify the chat ID and file path before sending, avoid sensitive screenshots or regulated data, restrict .env permissions, and prefer per-session credential loading over adding bot tokens to global shell startup files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (14)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is explicitly designed to transmit images, captions, chat identifiers, and bot-authenticated requests to Telegram, but it does not prominently warn users about privacy, data handling, or the fact that content leaves the local/OpenClaw environment and is sent to a third party. In a skill whose purpose is to bypass the platform's normal delivery path, the missing disclosure materially increases the risk of unintended exfiltration of sensitive screenshots or metadata.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs users to upload local images and captions to Telegram's Bot API, but it does not warn that files, captions, and associated metadata are being transmitted to a third-party service outside the host platform. In a skill intended to bypass the native delivery pipeline, that omission materially increases the chance users will send sensitive screenshots or documents without understanding the privacy implications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions recommend sourcing a .env file and even adding it to shell startup for auto-load, but do not explain that this places bot credentials into the process environment for the session and any child processes. That broadens exposure of the Telegram token beyond a single command and can make accidental leakage through shell history, debugging output, or subprocess inspection more likely.

External Transmission

Medium
Category
Data Exfiltration
Content
-F "chat_id=${TELEGRAM_CHAT_ID}" \
  -F "photo=@/path/to/image.png" \
  -F "caption=My screenshot" \
  "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendPhoto"
```

## Setup
Confidence
98% confidence
Finding
https://api.telegram.org/

External Transmission

Medium
Category
Data Exfiltration
Content
-F "chat_id=${TELEGRAM_CHAT_ID}" \
  -F "photo=@$1" \
  -F "caption=${2:-Image}" \
  "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendPhoto"
```

Then: `chmod +x send-image.sh && ./send-image.sh ./photo.png "My caption"`
Confidence
97% confidence
Finding
https://api.telegram.org/

External Transmission

Medium
Category
Data Exfiltration
Content
-F "chat_id=${TELEGRAM_CHAT_ID}" \
  -F "photo=@./screenshot.png" \
  -F "caption=Screenshot from $(date)" \
  "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendPhoto"
```

### Send as document (no compression)
Confidence
97% confidence
Finding
https://api.telegram.org/

External Transmission

Medium
Category
Data Exfiltration
Content
-F "chat_id=${TELEGRAM_CHAT_ID}" \
  -F "document=@/path/to/image.png" \
  -F "caption=Original quality" \
  "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendDocument"
```

### Send with inline keyboard
Confidence
96% confidence
Finding
https://api.telegram.org/

External Transmission

Medium
Category
Data Exfiltration
Content
-F "photo=@./image.png" \
  -F "caption=Choose:" \
  -F "reply_markup={\"inline_keyboard\":[[{\"text\":\"Yes\",\"callback_data\":\"yes\"},{\"text\":\"No\",\"callback_data\":\"no\"}]]}" \
  "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendPhoto"
```

## API Reference
Confidence
95% confidence
Finding
https://api.telegram.org/

Credential Access

High
Category
Privilege Escalation
Content
# Edit .env with your tokens

# 2. Source the env file (or add to ~/.bashrc for auto-load)
source .env

# 3. Send an image
curl -s -X POST \
Confidence
87% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
**Security:** `.env` is gitignored — never commit secrets!

### 4. Auto-Load .env (Optional but Recommended)

**For OpenClaw sessions:**
Add to your `~/.bashrc` or `~/.zshrc`:
Confidence
84% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
#!/bin/bash
# Load env vars from skill directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
if [ -f "$SCRIPT_DIR/.env" ]; then
    source "$SCRIPT_DIR/.env"
fi
Confidence
90% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
# Load env vars from skill directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
if [ -f "$SCRIPT_DIR/.env" ]; then
    source "$SCRIPT_DIR/.env"
fi

# Now use the vars
Confidence
89% confidence
Finding
.env"

Session Persistence

Medium
Category
Rogue Agent
Content
cp .env.example .env
# Edit .env with your tokens

# 2. Source the env file (or add to ~/.bashrc for auto-load)
source .env

# 3. Send an image
Confidence
90% confidence
Finding
add to ~/.bashrc

Session Persistence

Medium
Category
Rogue Agent
Content
export TELEGRAM_BOT_TOKEN="your_token"
export TELEGRAM_CHAT_ID="your_chat_id"

# Option B: Create .env file (recommended)
cp .env.example .env
# Edit .env with your values
source .env
Confidence
82% confidence
Finding
Create .env file (recommended) cp .env.example .env # Edit .env with your values source .env ``` **Security:** `.env` is gitignored — never commit secrets! ### 4. Auto-Load .env (Optional but Recomm

VirusTotal

66/66 vendors flagged this skill as clean.
