Telegram Chat To Image

Security checks across malware telemetry and agentic risk

Overview

This skill locally converts a user-selected Telegram JSON export into an image, with the main caution being privacy when handling or sharing chat history.

Install only if you intend to process Telegram chat exports locally. Review and redact the JSON, PNG, or ZIP before sharing, treat outputs as sensitive conversation records, and install Pillow from a trusted Python environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: This skill processes and helps share exported private conversations, yet the documentation omits a clear warning that Telegram exports and generated screenshots may contain sensitive personal, financial, or confidential information. That omission increases the risk of unintended disclosure when users convert or transmit chat history, especially because the skill explicitly recommends packaging and sending outputs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal