ClawHub

TMS (Telegram Media Server)

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for controlling a user-configured Telegram Media Server, with real but disclosed delete and API-key risks.

Install this only for a TMS instance you control. Keep TMS_API_KEY in per-skill or agent secret configuration, never in chat or public screenshots, and redact any listing assets. Before deleting, list downloads first and confirm the exact id/title because deletion removes associated state and local files; restrict model invocation if you want only explicit user-requested actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly documents a delete operation that removes downloads, database/library rows, local files, and related qBittorrent entries, but it does not instruct the agent to require explicit user confirmation before invoking it. In an agent setting, this increases the chance of accidental destructive actions from ambiguous prompts, mis-resolved IDs, or prompt injection that tricks the agent into deleting content.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The manifest explicitly advertises the ability to remove downloads everywhere, but it does not warn users that this action is destructive or may delete active, queued, or completed download state. In an agent-driven context, omission of cautionary language increases the chance of unintended deletion because the capability may be invoked automatically or with ambiguous user intent.

Missing User Warnings

High
Confidence
97% confidence
Finding
The README explicitly suggests a screenshot of configuration showing `TMS_API_KEY`, which can lead publishers to expose a live secret in public listing assets. Because this skill controls a Telegram Media Server over REST, disclosure of the API key could allow unauthorized download management, search operations, and potentially broader server access depending on backend trust boundaries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal