Back to skill

Security audit

Phy Telegram Bot Payments

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Telegram payment add-on, but its sample webhook and startup instructions can modify local credit files and bot webhook settings with insufficient scoping and validation.

Review and harden before production use: validate Telegram user IDs as numeric IDs, constrain writes to a dedicated data directory, require non-empty Stripe webhook secrets, use Telegram webhook secret tokens or another origin check, map Stripe price IDs to credits server-side, and only call setWebhook when you intentionally want to change the bot’s delivery mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The documentation says credits can be derived from Stripe product metadata or line items, but the webhook implementation only trusts session metadata and never retrieves line items. This mismatch can cause purchases to complete without credits being granted or can incentivize unsafe future patches where developers parse unverified fields inconsistently, leading to billing/entitlement integrity issues.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.