telegram-send-photo

Security checks across malware telemetry and agentic risk

Overview

This Telegram photo skill does what it says at a basic level, but it is preconfigured to send local images to a fixed Telegram bot/chat and can automatically send the latest screenshot without user confirmation.

Review carefully before installing. Do not use this as published unless you trust the destination chat, rotate/remove the exposed bot token, replace the hardcoded chat ID with your own secure configuration, and require explicit confirmation of the exact image before any upload to Telegram.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The code contains a hardcoded Telegram bot token and fixed chat ID, which are live credentials enabling outbound transmission to a specific recipient. Embedding secrets in source code is dangerous because anyone with code access can reuse the bot token, and the fixed destination facilitates covert or unintended data exfiltration.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
Although the skill is described as sending photos, it also automatically enumerates a fixed local screenshot directory and selects the latest PNG for transmission. In context, screenshots can contain sensitive user data, so this behavior materially increases exfiltration risk beyond a simple user-chosen file send operation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill describes uploading photos to Telegram but does not warn users that local images are sent to a third-party external service, potentially exposing sensitive content. Because screenshots and images often contain credentials, personal data, or confidential information, missing privacy disclosure increases the chance of unsafe use.

Missing User Warnings

Medium
Confidence: 87%
Finding
The function transmits a local photo file to Telegram over the network without any user-facing disclosure, consent check, or confirmation at send time. Even though network transmission is the stated purpose of the skill, the absence of clear notice and confirmation is risky because image files may contain sensitive visual data or metadata.

Missing User Warnings

High
Confidence: 98%
Finding
By hardcoding both the bot token and the target chat ID, the skill can send data to a predetermined external recipient without requiring the user to understand or approve where the data is going. This creates a strong exfiltration pattern because sensitive files can be routed off-device to a fixed endpoint controlled by whoever owns that bot/chat.

Missing User Warnings

High
Confidence: 98%
Finding
The helper function automatically picks the latest screenshot from a local directory and sends it, with no explicit warning or confirmation. Because screenshots often capture passwords, messages, tokens, or personal content, automatic selection and transmission makes accidental or covert disclosure significantly more dangerous in this skill context.

VirusTotal

66/66 vendors flagged this skill as clean.
