Back to skill

Security audit

Telegram Stickers

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Telegram sticker-making tool, but animated sticker creation uploads the generated WebM to tmpfiles.org by default unless the user disables it.

Install only if you are comfortable with local image processing plus the documented animated-sticker upload workflow. Use --no-upload for personal photos, private artwork, copyrighted material, or anything you do not want sent to tmpfiles.org; install Python packages and ffmpeg from trusted sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documents network and shell-capable operations but does not declare corresponding permissions. This creates a trust and governance gap: users or orchestrators may invoke a skill that can execute local commands and transmit data externally without explicit consent boundaries. In this context, the risk is elevated because the skill processes user-supplied images and can upload outputs to a third-party service.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The stated behavior emphasizes sticker creation and Telegram workflow, but the skill also uploads generated files to tmpfiles.org, which is a separate third-party file-hosting service. Undisclosed external transmission is dangerous because users may provide private photos, NFT art, or proprietary media without realizing the content will be exposed via a public or semi-public download link.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The script advertises optional upload but actually enables upload by default, causing generated sticker content to be sent to a third-party hosting service unless the user explicitly opts out. In the context of a sticker-generation skill, this increases data exposure risk because user images or derived media may contain private, copyrighted, or sensitive content that leaves the local environment unexpectedly.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The embedded tmpfiles.org upload capability introduces unnecessary third-party exfiltration functionality into a tool whose primary purpose is local WebM creation. Even if intended for convenience, bundling file-hosting logic broadens the attack surface and can leak user-generated media outside expected Telegram packaging workflows.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes automatic upload to tmpfiles.org without a prominent warning that user content leaves the local environment and becomes accessible through a generated link. This can lead to unintended disclosure of sensitive images, metadata, or copyrighted material, especially because the upload appears integrated into the normal workflow rather than presented as an exceptional step.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The upload instructions provide a direct curl command to send files to tmpfiles.org but omit any safety guidance about third-party storage, temporary-public links, retention, or suitability for sensitive images. In a skill handling personal photos and art assets, this omission materially increases the chance of accidental data exposure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Animated sticker generation uploads output to tmpfiles.org by default unless the user explicitly supplies --no-upload. That creates an unexpected external data transfer of user content, which can expose private images or derived media to a third-party service and is especially risky in a tool likely to process personal photos or proprietary artwork.

VirusTotal

2/65 vendors flagged this skill as malicious, and 63/65 flagged it as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.