Back to skill

Security audit

Telegram Voice Group

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims, but it asks for unnecessary Telegram admin powers and has unsafe command execution paths.

Install only after limiting the Telegram bot to the minimum send-message/send-media permissions, and avoid using this skill with untrusted inputs or shared agent access until the command execution is rewritten with safe argument passing. Do not send secrets, private data, or sensitive group metadata through it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill is intended only to send voice messages to a Telegram group, but the documentation instructs users to grant the bot powerful admin capabilities such as deleting messages, restricting members, banning users, and optionally adding admins. This violates least-privilege and materially increases the blast radius if the bot, its token, or the surrounding agent system is compromised or misused.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The feature explicitly supports sending generated voice content to arbitrary Telegram groups and topics, but the documentation does not mention consent, destination verification, or any warning that user content is being transmitted to an external third-party service. In an agent context, this creates a real risk of unintended data exfiltration, misdelivery to the wrong group/thread, or disclosure of sensitive text after TTS conversion.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to grant the bot broad Telegram admin permissions, including message deletion, member restriction/ban, and optional admin management, without explaining the security consequences or applying least-privilege guidance. If the bot is compromised, misconfigured, or behaves unexpectedly, it could moderate users, alter group state, or escalate administrative impact far beyond what is needed to send voice messages.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The README tells users to send group links, IDs, and topic identifiers to the bot without a privacy or trust warning. While these identifiers are not secret credentials by themselves, directing users to provide infrastructure and community metadata to an automated agent can expose internal group structure and enable targeting, enumeration, or unintended retention of sensitive operational details.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill instructs users to provide group links, group IDs, and topic IDs to the bot and to send generated voice content to Telegram, but it does not warn that these identifiers and message contents are transmitted to external systems and may be logged or retained. In a group context, this can expose internal community structure or sensitive content without informed consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Requesting broad Telegram admin permissions without any warning about the security consequences can cause users to over-trust the skill and grant unnecessary control over the group. If the bot or its credentials are abused, an attacker could moderate, censor, remove users, or otherwise take over group operations far beyond sending voice messages.

Missing User Warnings

Low
Confidence
93% confidence
Finding
The documentation instructs users to send voice content to a Telegram group/topic but does not clearly warn that the supplied content will be transmitted to an external third-party service and potentially disclosed to all members of that group/topic. In a messaging skill, this omission can lead to accidental sharing of sensitive or private information because users may not realize the action leaves the local agent context.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The `voice` and `rate` parameters are interpolated into a shell command passed to `exec`, which invokes a shell. Although `voice` is wrapped in double quotes and quotes are stripped from `text`, shell metacharacters such as command substitution can still be interpreted inside double quotes, allowing command injection via untrusted input.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.