Telegram Voice Bot

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The bot mostly matches its description, but its Python dependency list is ambiguous and mismatched, so users should review the install before running it with a Telegram token.

Before installing, verify and pin the Python dependencies, especially the `whisper` versus `openai-whisper` mismatch. Run the bot in a virtual environment, keep `TELEGRAM_BOT_TOKEN` secret, and remember that the bot will run continuously and automatically reply to voice messages while it is active.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Following the documented install could fetch a different or changing Python package than intended, and installed package code runs with the user's local permissions.

Why it was flagged

Users are instructed to install from requirements.txt; the packages are unpinned, and `whisper` does not match the documented `openai-whisper` dependency, making the installed package/version ambiguous.

Skill content

requests
whisper
edge-tts

Recommendation

Replace `whisper` with the intended `openai-whisper` package if appropriate, pin dependency versions, and install in an isolated virtual environment before running the bot.
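One way to carry out this check before installing, as an added example that is not part of the skill or of the ClawScan report: a small script that parses the quoted requirements.txt, reports every entry without an exact `==` pin, and flags the `whisper` versus `openai-whisper` name mismatch. The requirements text and the documented package name are taken from the report above; the parsing helpers, the hand-maintained `EXPECTED_NAMES` mapping and the pinned sample used in the demo are constructed here.

```python
"""Check a requirements.txt for unpinned entries and known package-name mismatches.

Added example for this report, not code from the Telegram Voice Bot skill.
"""
import re

# Constructed copy of the skill's requirements.txt as quoted in the report.
REQUIREMENTS_TEXT = """requests
whisper
edge-tts
"""

# Names that appear in requirements.txt mapped to the package the skill's
# documentation actually names. Assumption: maintained by hand for this skill.
EXPECTED_NAMES = {"whisper": "openai-whisper"}

# Loose PEP 508 shape: project name, optional extras, optional version specifier.
_LINE_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(?P<spec>[<>=!~][^;#]*)?"
)


def parse_requirements(text):
    """Return [(name, specifier_or_None), ...] for each requirement line.

    Comments, blank lines and option lines such as '-r other.txt' are skipped.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = _LINE_RE.match(line)
        if not m:
            continue
        spec = m.group("spec")
        entries.append((m.group("name").lower(), spec.strip() if spec else None))
    return entries


def find_issues(text, expected_names=EXPECTED_NAMES):
    """Return a list of findings as tuples.

    ("unpinned", name)            -> no exact '==' version, so installs can drift
    ("mismatch", name, expected)  -> the listed name differs from the documented one
    """
    issues = []
    for name, spec in parse_requirements(text):
        if spec is None or "==" not in spec:
            issues.append(("unpinned", name))
        if name in expected_names:
            issues.append(("mismatch", name, expected_names[name]))
    return issues


def main():
    for issue in find_issues(REQUIREMENTS_TEXT):
        print(" ".join(str(part) for part in issue))


if __name__ == "__main__":
    main()
```

Run the script from the skill's directory (or point `REQUIREMENTS_TEXT` at the real file) and resolve every finding before `pip install -r requirements.txt`; a clean run means every entry is pinned with `==` and no name is in the mismatch map.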

What this means

The token grants control over the Telegram bot API for that bot, including reading bot updates and sending messages as the bot.

Why it was flagged

The skill requires a Telegram bot token, even though the registry metadata lists no required environment variables or primary credential.

Skill content

TELEGRAM_BOT_TOKEN | Telegram Bot Token | (required)

Recommendation

Use a dedicated bot token, keep it secret, declare it in metadata, and revoke/regenerate it if it is exposed.

What this means

Voice-message content may be processed by Telegram and by the TTS provider as part of normal bot operation.

Why it was flagged

The reply text is passed to the Edge TTS provider to synthesize audio; this is purpose-aligned and disclosed, but it means transcript-derived text may be processed outside the local machine.

Skill content

communicate = edge_tts.Communicate(text, DEFAULT_VOICE)
await communicate.save(output_file)

Recommendation

Avoid using the bot for highly sensitive voice messages unless that external processing is acceptable, and disclose the data flow to chat participants.

What this means

The bot can automatically reply to current or queued voice messages in chats where it receives updates.

Why it was flagged

Once started, the bot continuously polls Telegram and automatically processes voice messages until interrupted; no hidden autostart or system persistence is shown.

Skill content

while True:
    updates = get_updates(offset)
    ...
    process_voice_message(chat_id, file_id, model)

Recommendation

Run it only when intended, stop it when not needed, and consider adding chat allowlists or Telegram privacy controls for production use.
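The chat allowlist recommended above, as an added example that is not the skill's own code: the loop shape (`get_updates(offset)` feeding `process_voice_message(chat_id, file_id, model)`) follows the report's quoted snippet, while the allowlist, the update filtering, the stop condition, the `TELEGRAM_ALLOWED_CHATS` variable and the sample updates are assumptions constructed here. The update dictionaries mirror the trimmed Bot API `getUpdates` shape (`update_id`, `message.chat.id`, `message.voice.file_id`).

```python
"""Filter Telegram updates through a chat allowlist and keep the poll offset moving.

Added example for this report, not code from the Telegram Voice Bot skill.
"""
import os

# Assumption: the operator sets TELEGRAM_ALLOWED_CHATS to comma-separated chat ids.
ALLOWED_CHATS = {
    int(c) for c in os.environ.get("TELEGRAM_ALLOWED_CHATS", "").split(",") if c.strip()
}

# Constructed sample of a getUpdates response (Bot API shape, trimmed).
SAMPLE_UPDATES = [
    {"update_id": 100, "message": {"chat": {"id": 1111}, "voice": {"file_id": "VOICE_A"}}},
    {"update_id": 101, "message": {"chat": {"id": 2222}, "voice": {"file_id": "VOICE_B"}}},
    {"update_id": 102, "message": {"chat": {"id": 1111}, "text": "hello"}},
]


def select_voice_jobs(updates, allowed_chats, offset):
    """Return (jobs, next_offset).

    jobs: (chat_id, file_id) for voice messages from allowlisted chats only.
    next_offset: value to pass back to getUpdates so Telegram does not resend
    these updates. Every update advances the offset, including ones that are
    refused, so a chat outside the allowlist cannot stall the queue.
    """
    jobs = []
    next_offset = offset
    for upd in updates:
        next_offset = upd["update_id"] + 1
        msg = upd.get("message") or {}
        chat_id = (msg.get("chat") or {}).get("id")
        voice = msg.get("voice")
        if voice is None or chat_id not in allowed_chats:
            continue
        jobs.append((chat_id, voice["file_id"]))
    return jobs, next_offset


def run(get_updates, process_voice_message, allowed_chats, model=None, stop=lambda: False):
    """Poll until stop() returns True, handling only allowlisted voice messages.

    get_updates and process_voice_message are the skill's functions; their
    signatures are assumed from the loop quoted in the report.
    """
    offset = None
    while not stop():
        jobs, offset = select_voice_jobs(get_updates(offset), allowed_chats, offset)
        for chat_id, file_id in jobs:
            process_voice_message(chat_id, file_id, model)


def run_offline_demo(allowed_chats=frozenset({1111})):
    """Feed the sample updates through the loop with fakes; returns what was processed."""
    processed = []
    calls = {"n": 0}

    def fake_get_updates(offset):
        calls["n"] += 1
        return SAMPLE_UPDATES if calls["n"] == 1 else []

    def fake_process(chat_id, file_id, model):
        processed.append((chat_id, file_id))

    # Stop once the fake feed has been drained (second call returns nothing).
    run(fake_get_updates, fake_process, allowed_chats, stop=lambda: calls["n"] >= 2)
    return processed


if __name__ == "__main__":
    print(run_offline_demo())
```

In production replace the fakes with the skill's real `get_updates` and `process_voice_message`, set `TELEGRAM_ALLOWED_CHATS` to the chats the bot may answer in, and give `stop` a flag flipped by a SIGINT/SIGTERM handler so the loop exits cleanly instead of only on interrupt.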