ClawHub
Back to skill

Security audit

Signallink

Security checks across malware telemetry and agentic risk

Overview

SignalLink appears to be a legitimate Telegram alert router, but one endpoint can let anyone who reaches the service send arbitrary messages to the configured Telegram chat.

Review before installing. Use a dedicated Telegram bot, store its token only in a local secret mechanism, set WEBHOOK_SECRET, patch or disable /webhook/raw until it requires the same secret, and expose the server only behind HTTPS and network restrictions. Avoid sending secrets, personal data, or sensitive incident/trading details in webhook payloads because they are forwarded to Telegram and may also appear in server logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill presents itself primarily as a TradingView-to-Telegram router, but the documentation shows it accepts arbitrary webhook payloads from any source and may run without authentication if WEBHOOK_SECRET is unset. That broader behavior increases the attack surface substantially: an exposed instance could be abused by unauthenticated third parties to relay arbitrary content into Telegram, spam users, or serve as a generic message-forwarding bridge.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The /webhook/raw endpoint accepts arbitrary JSON and forwards it to Telegram without any authentication or authorization check. This allows any external party who can reach the service to spam Telegram, inject misleading alerts, or abuse the service as an open message relay, which is especially dangerous given the skill's alert-forwarding context where recipients may trust messages as operational or trading signals.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
verify_secret returns true when WEBHOOK_SECRET is unset, creating an unauthenticated open mode while the endpoint documentation suggests secret validation is performed. In practice, this means the main webhook can silently become public and accept arbitrary alert submissions, enabling spoofed trading notifications, spam, and abuse of the Telegram integration.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The application logs the configured Telegram chat ID at startup, which exposes deployment-specific configuration to anyone with log access. While a chat ID is not a secret like a bot token, it is still sensitive metadata that can aid reconnaissance, reveal internal routing details, and unnecessarily broaden the impact of log leakage in hosted or shared environments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes forwarding webhook payloads to Telegram but does not warn users that submitted data will be sent to a third-party messaging platform. This can lead operators to unintentionally route sensitive operational, trading, or webhook data outside their trust boundary, especially since the service accepts alerts from arbitrary custom sources.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The instructions ask users to provide TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID without a clear warning that the bot token is a sensitive credential that grants control over the bot. In an agent or shared environment, this can lead to accidental disclosure in chat history, logs, screenshots, or misconfigured files, enabling bot takeover or unauthorized message sending.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.