Back to skill

Security audit

Telegram Compose

Security checks across malware telemetry and agentic risk

Overview

This skill openly formats and sends Telegram messages using a configured bot token, which matches its stated purpose but should be used only for intended Telegram delivery.

Install this only if you want OpenClaw to send longer or structured Telegram replies through your Telegram bot. Keep bot accounts and chat IDs tightly scoped, avoid sending secrets unless you intend them to appear in Telegram, and prefer validated account names from your config.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill is configured to auto-invoke for any Telegram reply over three lines or with structured data, which is broad enough to capture ordinary content rather than only explicitly approved delivery actions. Because this skill reads credentials and performs direct network transmission to Telegram, an overly permissive trigger increases the chance of unintended exfiltration or duplicate sending from routine agent output.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The decision rule provides only positive triggers and lacks clear 'do not invoke' boundaries, so agents may call the skill in ambiguous cases. In a skill that can access bot tokens and send content externally, ambiguity materially raises the risk of accidental disclosure, unwanted messaging, or abuse through prompt-shaped content that appears to satisfy the trigger.

External Transmission

Medium
Category
Data Exfiltration
Content
BOT_TOKEN=$(jq -r ".channels.telegram.accounts.$ACCOUNT.botToken" "$CONFIG")

# Without topic thread
curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \
  -H "Content-Type: application/json" \
  -d "$(jq -n \
    --arg chat "$CHAT_ID" \
Confidence
91% confidence
Finding
curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \ -H "Content-Type: application/json" \ -d "$(jq -n \ --arg chat "$CHAT_ID" \ --arg text "$MESSAGE" \ '{ ch

External Transmission

Medium
Category
Data Exfiltration
Content
BOT_TOKEN=$(jq -r ".channels.telegram.accounts.$ACCOUNT.botToken" "$CONFIG")

# Without topic thread
curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \
  -H "Content-Type: application/json" \
  -d "$(jq -n \
    --arg chat "$CHAT_ID" \
Confidence
91% confidence
Finding
https://api.telegram.org/

External Transmission

Medium
Category
Data Exfiltration
Content
}')"

# With topic thread
curl -s -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \
  -H "Content-Type: application/json" \
  -d "$(jq -n \
    --arg chat "$CHAT_ID" \
Confidence
91% confidence
Finding
https://api.telegram.org/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.