Telegram Send File

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Telegram file-sending helper, but users should verify the destination and avoid sending sensitive files accidentally.

Install only if you want an agent to send selected files or URL-sourced documents to Telegram. Keep the bot token private, restrict the bot to intended chats, verify the resolved chat_id/topic_id before sending sensitive material, and do not send secrets, credentials, regulated data, or internal-only URLs unless you have confirmed the destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Low, 88% confidence
Finding
The skill reads credentials and routing context from multiple local files outside the immediate user-supplied inputs, including ~/.openclaw/openclaw.json and session-state.json. In an agent setting, this creates an implicit data-access boundary violation: invoking a file-sending skill can cause it to harvest sensitive local state and then use that state to transmit files to an external Telegram destination without the caller explicitly providing the token or chat target.

Missing User Warnings

Medium, 93% confidence
Finding
The README promotes automatic file sending and OpenClaw-based auto-detection of chat/topic context without clearly warning that local files and associated chat metadata will be transmitted to Telegram using the bot account. In a skill context, this can normalize potentially sensitive exfiltration behavior and increase the chance of accidental disclosure, especially when users assume 'no args needed' implies low risk.

Missing User Warnings

Medium, 91% confidence
Finding
The documented `--url` feature fetches remote content and forwards it to Telegram, but the README does not warn users about the risks of retrieving untrusted URLs, including accidental forwarding of sensitive fetched content, exposure of network metadata, or use in SSRF-like scenarios if implemented broadly. In an agent skill, URL-to-Telegram forwarding materially expands the external transmission surface.

Missing User Warnings

Medium, 90% confidence
Finding
The reference documents multiple file-upload APIs but does not warn that any local file, URL-fetched content, or reused file identifier results in data being transmitted to Telegram infrastructure and potentially exposed to chat participants. In a skill specifically designed to send files from a local environment, this omission can lead users or downstream agents to exfiltrate sensitive local data without adequate awareness or consent checks.

VirusTotal

64/64 vendors flagged this skill as clean.
