Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
GramGate
v0.1.1
Telegram gateway for AI agents and automation. Use GramGate to access a real Telegram account over REST or MCP: read channels and history, search across chat...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill promises MTProto user-account access (read history, send messages, click buttons) but the package is instruction-only and declares only python3 as a requirement. There are no declared credentials (Telegram API_ID/API_HASH, phone number, session file) or config paths even though a real user account is needed. That mismatch suggests the skill's manifest is incomplete or misleading.
Instruction Scope
SKILL.md instructs the agent to call local REST/MCP endpoints (e.g., http://127.0.0.1:18791) to perform sensitive actions. The instructions themselves do not tell the agent to read unrelated files or env vars, but they assume an external GramGate service is running and already authenticated to a Telegram account — this implicit prerequisite is not documented in the manifest.
Install Mechanism
There is no install spec or code bundled with the skill (instruction-only). This is lower immediate installation risk, but it also means the skill depends on an out-of-band install (GitHub repo) that the manifest does not verify or pin — the runtime behavior depends on whatever implementation the user installs separately.
Credentials
The skill enables read/write access to a real Telegram account (sensitive access) yet declares no required credentials or primaryEnv. A legitimately functioning GramGate deployment would require Telegram API credentials and/or session state; the absence of declared secrets is disproportionate and hides where/when credentials must be provided.
Persistence & Privilege
always:false (normal), but the skill allows the agent to call local services autonomously. Combined with the missing credential/config declarations and the powerful actions described (reading history, sending messages), autonomous invocation increases risk if a user later installs an untrusted GramGate server or exposes it beyond localhost.
What to consider before installing
This skill is suspicious because it describes a powerful Telegram gateway but provides no install, credential, or configuration details. Before installing or using it: (1) verify the upstream repository and review its code for how it stores/uses Telegram API_ID/API_HASH, session files, and any network endpoints; (2) do not expose the service to the internet without authentication and rate-limiting; (3) run the service in an isolated environment (container/VM) if you must use it; (4) restrict agent autonomy or require explicit user approval before the agent issues any write actions (sending/joining/posts); and (5) if you cannot audit the implementation, avoid providing your real Telegram account credentials.
Like a lobster shell, security has layers — review code before you run it.
latest vk977ayxj75tbsvzq34m572dwtx84t9mj
Runtime requirements
📬 Clawdis
Bins: python3
