ClawHub

Telegram Telethon CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Telegram user-account automation tool, but it gives an agent broad account-changing powers without enough built-in safety guidance.

Install only if you intend to let an agent operate a real Telegram user account. Keep API credentials and session files private, avoid storing secrets in shared docs or version control, and require explicit confirmation before sending, deleting, joining, leaving, inviting, kicking, blocking, changing admins, updating profiles, or listening to chats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to run shell commands (`bash <skill-dir>/scripts/install.sh` and `tgctl-telethon ...`) but does not declare permissions for shell access. This creates a capability/consent mismatch: the agent may invoke local command execution, package installation, and filesystem changes without an explicit permission boundary, increasing the risk of unintended command execution.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The activation guidance is very broad: 'Use when user asks to interact with Telegram as a user account' could match many ambiguous requests. Because the skill exposes high-impact account actions such as joining groups, messaging, deleting content, and managing admins, broad triggering increases the chance the agent invokes sensitive capabilities without sufficiently specific user intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill advertises destructive and privacy-sensitive actions—delete, kick, invite, block, manage admins, listen for messages, update profile—without warning or consent guidance. In the context of a user-account Telegram client, these capabilities can directly affect third parties, expose private data, or alter account/group state if invoked casually or through ambiguous prompts.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: telegram-telethon
description: Manage Telegram via tgctl-telethon CLI (Python/Telethon) - send/forward/edit/delete/pin messages, search, list chats/members, join/leave groups, kick/invite users, block/unblock, send files, download media, start bots, create groups/channels, manage admins, update profile, listen for messages. Use when user asks to interact with Telegram as a user account (not bot API). Powered by Telethon (MTProto).
---

# Telegram CLI (tgctl-telethon)
Confidence
88% confidence
Finding
create groups/channels, manage admins, update profile, listen for messages. Use when user asks to interact with Telegram as a user account (not bot API). Powered by Telethon (MTProto). --- # Telegram

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal