ClawHub

Telegram Voice Group

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended to send Telegram voice messages, but it asks for unnecessary Telegram admin powers and has unsafe command execution paths.

Install only after restricting the Telegram bot to the minimum send-message/send-media permissions, and use it only with trusted users or agents. Do not send secrets or private information through it, and treat the command-execution issue as needing a code fix before use in shared or untrusted environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The README instructs users to grant the bot broad Telegram admin permissions such as deleting messages, restricting members, banning members, and editing group info, even though the skill's stated purpose is only sending voice messages. This violates least-privilege principles and creates unnecessary risk: if the bot, its token, or the surrounding agent platform is compromised, an attacker could moderate, censor, or take over parts of the group well beyond voice posting.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill asks operators to grant broad Telegram admin privileges such as deleting messages, restricting members, and banning users even though the documented function is only sending voice messages. This violates least-privilege and significantly increases blast radius if the bot, skill, or surrounding agent workflow is misused or compromised.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The feature explicitly supports sending generated voice messages to arbitrary Telegram groups and topics, but the documentation provides no warning that user-provided content will be transmitted to a third-party platform. In an agent skill, this creates a real privacy and data-exfiltration risk because sensitive text could be converted to audio and posted externally without clear consent boundaries or destination restrictions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation tells users to assign powerful moderation/admin capabilities without explaining the operational and account-impact consequences. In a group-chat context, these permissions could be abused to delete content, ban users, or alter group settings, so omitting warnings materially increases the chance that operators will overprovision access and expose their communities to avoidable harm.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation instructs users to send group links, group IDs, and topic identifiers to the bot without clearly warning that these routing details may be transmitted to or stored by external systems, nor does it emphasize verifying the target before sending content. This can lead to unintended disclosure of internal group metadata or misdelivery of messages to the wrong chat/thread.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The documentation tells users how to send voice content to a Telegram group/topic, which is an external destination, but it does not clearly warn about data disclosure, audience scope, or privacy implications. In an agent skill context, this can lead users to transmit sensitive or confidential information to a group chat without realizing it is leaving the local/system boundary.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal