Security audit

Telegram Full Access

Security checks across malware telemetry and agentic risk

Overview

This package is a small, disclosed Telegram MCP connector, but it requires sensitive Telegram session and database settings that users should handle carefully.

Install only if you intend to give the configured MCP runtime access to your Telegram account. Keep TELEGRAM_API_HASH, DATABASE_URL, and especially the Telegram session file private, and use a trusted tgchats-mcp installation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The manifest configures an MCP server with highly sensitive Telegram credentials and a session path, but provides no user-facing disclosure, warning, or scoping information about how those secrets are used. In the context of a 'Telegram Full Access' skill tied to a user-owned account, this increases the risk of over-privileged access, accidental credential exposure, or unsafe deployment by users who may not realize the security implications.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal