ClawHub

Telegram Cloud Storage

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Teldrive wrapper, but installing it means trusting an external Teldrive binary and protecting sensitive storage credentials.

Install only if you trust the upstream Teldrive GitHub release source. Protect config.toml, token.txt, TELDRIVE_TOKEN, TELDRIVE_SESSION_HASH, and database session rows as credentials; restrict local file permissions and do not commit or share them. Require explicit approval before an agent uploads, renames, or deletes files, and stop the background Teldrive process when it is not needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tainted flow: 'url' from requests.get (line 83, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
url = f"{BASE_URL}/files/{file_id}/{name}"
    params = {"download": "1", "hash": session_hash}
    
    with requests.get(url, params=params, stream=True) as r:
        r.raise_for_status()
        with open(local_path, "wb") as f:
            for chunk in r.iter_content(chunk_size=8192):
Confidence
72% confidence
Finding
with requests.get(url, params=params, stream=True) as r:

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs users to handle highly sensitive authentication artifacts such as a JWT token and Telegram session hash, and even points to storage locations for retrieving them, without any warning about secrecy, storage, rotation, or exposure risks. If these values are leaked through logs, shell history, screenshots, or copied configs, an attacker could access the Teldrive account or Telegram-backed storage.

Missing User Warnings

High
Confidence
85% confidence
Finding
The delete command performs a destructive remote action immediately with no confirmation, safeguard, or dry-run mode. In a storage-management tool, this increases the chance of accidental or scripted data loss, especially when file IDs are supplied incorrectly or automation runs with the wrong context.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script fetches a prebuilt executable from the network and installs it locally without any integrity verification, signature check, or explicit safety prompt. This creates a software supply-chain risk: if the release asset, GitHub account, transport path, or download target is compromised, users may execute a malicious binary with the trust of the local skill installation flow.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script interactively collects highly sensitive secrets including the Telegram app hash, PostgreSQL connection string, and JWT secret, then writes them directly to a persistent config file without warning the user about storage, file sensitivity, or permissions. In this skill's context, those credentials can grant access to the Telegram-backed storage service and database, so accidental exposure via permissive file permissions, backups, or source-control commits could compromise the deployment.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal