Telegram Userbot

Security checks across malware telemetry and agentic risk

Overview

This Telegram personal-account bridge appears purpose-aligned, but it asks for powerful account credentials and has concerning secret-handling and message-logging evidence.

Review this carefully before installing. Only use it if you understand that the plugin may access and send Telegram messages as your personal account. Treat the Telegram session string like a password, avoid committing or sharing it, rotate any exposed credentials, and confirm that message bodies are not logged or retained unexpectedly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 96%
Finding
The README includes realistic Telegram secrets in a login transcript, including an API hash, phone-based auth flow, and a full session string. Even if intended as an example, publishing credential-shaped values in documentation normalizes unsafe handling of account secrets and may expose a real reusable session if the sample was not fabricated.

Missing User Warnings

Medium
Confidence: 95%
Finding
The plugin logs outbound message text in clear form via the outbound sendText path (`text: ctx.text`). Because this is a Telegram userbot handling personal/direct/group conversations, logs may capture sensitive user content, credentials, private messages, or regulated data and expose it to operators, log processors, or downstream observability systems. The skill context increases risk because this channel is explicitly designed to act as a personal account bridge, so logged content is likely to be highly sensitive and user-facing disclosure/consent is not evident in this file.

Missing User Warnings

Medium
Confidence: 90%
Finding
The manifest requires highly sensitive Telegram personal account credentials, including apiId, apiHash, and especially a sessionString that can grant direct access to the user's Telegram account. Because the plugin description explicitly says the assistant will respond as the user, collecting these secrets materially increases account-compromise risk if the skill, host platform, logs, backups, or downstream integrations mishandle them; the lack of any user-facing warning or constrained secret-handling metadata makes this more dangerous in context.

Missing User Warnings

Medium
Confidence: 89%
Finding
The package description explicitly promotes connecting a personal Telegram account and allowing an AI assistant to respond as the user, but it provides no warning in this manifest about privacy, impersonation, account sanctions, or message-handling risks. In the context of a userbot for a personal account, this increases the chance that users deploy it without understanding that their private conversations and account reputation may be exposed to automated actions.

Ssd 3

High
Confidence: 99%
Finding
The README shows a full login transcript and then presents a session string that appears operationally valid, followed by instructions to store it in configuration. In the context of a Telegram userbot, a session string can grant direct access to a user account, so exposing one in docs could enable account takeover if it is real and trains users to mishandle highly sensitive tokens.

VirusTotal

61/61 vendors flagged this plugin as clean.