Telegram CS Agent

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Telegram customer-support bot, but it needs Review because it runs from a real Telegram account and shares customer messages/metadata with third parties without enough disclosure or controls.

Install only if you intentionally want a long-running support bot that uses a real Telegram account, sends chat content to Anthropic, and may forward user identifiers and message excerpts to a human support chat. Before production use, add privacy/consent notices, redact sensitive content, protect and rotate the Telethon session and API keys, consider a dedicated Telegram account, pin dependencies, and correct the financial/deposit guidance with clear risk disclosures.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Rogue AgentSelf-Modification, Session Persistence
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (7)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill clearly instructs use of shell commands, reading local files, and handling secrets via a .env file, yet it declares no permissions. That mismatch weakens user awareness and policy enforcement, increasing the chance an agent executes filesystem or environment-sensitive actions without explicit approval.

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The document gives materially inconsistent guidance about whether creating an event requires a 1000 USDT deposit, no deposit, or a configurable deposit depending on mode. In a financial/prediction-market context, contradictory requirements can mislead users about costs, risk exposure, and platform mechanics, which may cause harmful financial decisions or support misconfiguration.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill uses a Telethon userbot that operates through a real Telegram user account, but this material does not prominently warn users that actions will appear to come from a personal identity rather than a bot account. That can mislead operators about impersonation, account-risk, and policy implications, especially because user accounts have broader social and trust impact than Bot API bots.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The handoff flow says user info is sent to HANDOFF_CHAT_ID, but the skill does not present this as a privacy warning or specify what data is forwarded. This creates a real risk of unintended disclosure of personal data, conversation content, or identifiers to an admin chat without adequate notice or minimization.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: This document gives operational instructions for ultra-short-term leveraged-style binary trading behavior, including stake sizing, payout mechanics, and rapid settlement, without any explicit risk warning or caution about loss of funds. In the context of a customer-service bot knowledge base, this can enable the bot to present high-risk speculative activity in a normalized, instructional way, increasing the chance of harmful financial guidance to users.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The handoff flow forwards up to 200 characters of the user's message, along with chat and user identifiers, to a separate handoff chat without any prior disclosure or consent mechanism. In a customer-support bot context, users may include sensitive personal or account information, so this creates a real privacy and data-sharing risk even if it is operationally intended.

Session Persistence

Medium

Category: Rogue Agent
Content: ## Setup New Bot ### 1. Create project ```bash mkdir -p ~/tg-cs-bot && cd ~/tg-cs-bot
Confidence: 71% confidence
Finding: Create project ```bash mkdir -p ~/tg-cs-bot && cd ~/tg-cs-bot cp -r <skill_dir>/scripts/*.py . pip install anthropic chromadb sentence-transformers python-dotenv telethon ``` ### 2. Configure enviro

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal