Telegram Analyzer

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-related, but it uses a hardcoded backend token and advertises contact-changing actions without enough scoping or user-control detail.

Install only if you trust the publisher and the localhost backend service. Ask the maintainer to remove the hardcoded token, document backend setup and authentication scopes, and require explicit confirmation before changing contact stages, tags, or notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill exposes a state-changing tool (`contact_action`) that can update contact stages, tags, or notes, but the description does not clearly warn users that invoking the skill may modify CRM/contact records. This is dangerous because users may assume the skill is read-only ('Analyzer') and unintentionally trigger persistent changes to sensitive business data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends user-supplied search queries to a backend service together with a hardcoded agent authentication token, without any visible user consent, disclosure, or minimization controls. This creates a data exfiltration and credential exposure risk: users may not realize their input is being transmitted externally, and embedding the token in client-side skill code makes it easier to recover and misuse.

VirusTotal

56/56 vendors flagged this skill as clean.
