Telegram QR Login Workaround

Security checks across malware telemetry and agentic risk

Overview

The Telegram login guide has a plausible core purpose, but it also asks users to hand over sensitive account credentials and includes unrelated account-management and publishing workflows.

Review carefully before installing. Use the Telegram QR login steps only on a trusted machine, treat QR codes, Telegram API credentials, session files, GitHub PATs, and ClawHub tokens as secrets, and do not send PATs or login QR images to another person or agent. If publishing is needed, perform it yourself through your own authenticated browser or CLI session and revoke any session or token you no longer need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium (94% confidence)
The GitHub Gist and ClawHub publishing instructions are unrelated to the stated Telegram login workaround and broaden the skill's scope into credential handling and external publication. This kind of scope drift is dangerous because it introduces unnecessary opportunities for credential collection, exfiltration, and user confusion about what access is actually required.

Context-Inappropriate Capability

Low (82% confidence)
Referencing batch conversation cleanup adds a separate account-management capability beyond QR login troubleshooting. While not inherently malicious, unrelated account-operation guidance increases the attack surface and can normalize broader access to a user's Telegram account than the stated purpose requires.

Missing User Warnings

High (99% confidence)
The skill explicitly instructs users to create a GitHub personal access token and send it to the operator. Asking a user to hand over a reusable credential is highly dangerous because the token can be abused to act on the user's behalf, access private resources permitted by the scope, and persist beyond the immediate task.

Ssd 3

High (100% confidence)
The instructions tell the user to obtain a GitHub PAT and hand it over so it can be used on their behalf. This is a classic credential-delegation anti-pattern and materially enables account misuse, unauthorized publication, and potential access to other GitHub data depending on token scope.

VirusTotal

66/66 vendors flagged this skill as clean.
