TG-Crawler — Telegram public-opinion collection tool

Security checks across malware telemetry and agentic risk

Overview

This is a powerful Telegram collection skill with real monitoring uses, but its default targets, proxy guidance, bot discovery, and data handling are too broad and under-scoped for automatic trust.

Install only for authorized threat-intelligence, brand-protection, or compliance work. Before running it, remove unrelated preset targets, disable bot-based discovery unless you accept sending keywords to third-party Telegram bots, avoid the proxy-pool setup unless reviewed by a network/security owner, protect .env/session/export files, and confirm retention or purge settings will not delete evidence you need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Description-Behavior Mismatch

Severity: Medium | Confidence: 91%
Finding: The target list includes coupon/deals channels ('羊毛线报', coupons, CPS promotion) that are unrelated to the stated purpose of Telegram sentiment/intelligence collection focused on 外挂-related monitoring. This scope drift increases unnecessary collection of unrelated communities and data, which can enable overbroad surveillance, privacy violations, and misuse beyond the declared function of the skill.

Description-Behavior Mismatch

Severity: High | Confidence: 98%
Finding: The auto-discovered targets contain many obviously unrelated channels and groups, including generic test channels, media/adult content, political/news, bots, and other off-topic communities. In a crawler skill, this means the system can silently expand into indiscriminate collection of broad Telegram content, significantly increasing surveillance reach, compliance risk, and the chance of harvesting sensitive or inappropriate data outside the declared mission.

Description-Behavior Mismatch

Severity: Medium | Confidence: 95%
Finding: This configuration is not a neutral Telegram public-opinion collection list: it is overwhelmingly curated around channels advertising game cheats, cracked software, piracy, and 外挂 resources. In the context of an agent skill, this indicates deliberate targeting of illicit communities, which can enable monitoring, discovery, and operational support for abuse ecosystems rather than legitimate analytics.

Context-Inappropriate Capability

Severity: Medium | Confidence: 95%
Finding: The document materially expands the skill from Telegram collection into building a multi-VPS SOCKS5 proxy pool intended to distribute accounts across different IPs and reduce linkage/rate-limiting. In this context, that infrastructure enables evasion of platform detection controls and adds operational capability not necessary for ordinary sentiment collection, increasing abuse potential if the skill is used for large-scale scraping or account farming.

Description-Behavior Mismatch

Severity: Medium | Confidence: 89%
Finding: The architecture explicitly documents fallback behavior to general web_search/web_fetch and scraping t.me/s pages, which expands the skill beyond a Telegram-only collector into broader web acquisition. That creates a real scope-boundary violation: users and downstream policy controls may assume the tool only interacts with Telegram APIs, while the documented design enables collection from arbitrary web sources and alternate scraping paths that may bypass intended restrictions, logging, or review.

Description-Behavior Mismatch

Severity: Medium | Confidence: 76%
Finding: The skill's stated purpose is Telegram collection/monitoring, but it also supports exporting collected content to arbitrary output paths. In a high-privilege agent environment, that broad file-write capability can be abused to exfiltrate collected data to unintended locations or overwrite local files outside the expected workspace.

Context-Inappropriate Capability

Severity: Medium | Confidence: 84%
Finding: The --purge-after-export path performs destructive deletion of database contents and recursively removes media files from the configured media directory. In an agent setting, this creates a data-destruction capability that could be misused to erase evidence or operational data, especially since media_dir is user-configurable.

Missing User Warnings

Severity: Medium | Confidence: 91%
Finding: The README provides destructive database-clearing commands and a purge-after-export workflow without clearly emphasizing that the deletion is irreversible. In an operational collection tool, this can cause accidental loss of evidence, audit history, or investigation data if an operator copies commands blindly.

Vague Triggers

Severity: Medium | Confidence: 80%
Finding: The trigger condition includes a broad clause that activates the skill for general sentiment-scanning tasks needing Telegram as a data source. Overbroad auto-invocation increases the chance the skill is used in contexts where Telegram collection is unnecessary, disproportionate, or privacy-sensitive, especially since the skill can log in, collect messages, and persist data. In context, this is more dangerous because the skill has broad tooling and can perform state-changing operations once invoked.

Missing User Warnings

Severity: Medium | Confidence: 88%
Finding: The documentation explains credential handling, multi-account use, sender information fetching, session persistence, and message collection, but it does not clearly foreground privacy, consent, retention, and sensitive-data risks. That omission can lead users to collect personal data or use shared credentials without understanding legal/compliance obligations, especially when sender usernames/display names and private-group content may be stored and exported.

Vague Triggers

Severity: Medium | Confidence: 89%
Finding: The configuration uses a single global keyword, “外挂”, to drive collection across a large set of Telegram channels and groups. This term is broad and can match cheating tools, gaming discussions, resale content, or unrelated slang, which increases over-collection and makes the crawler more likely to ingest irrelevant, sensitive, or high-risk content from loosely related communities.

Natural-Language Policy Violations

Severity: Medium | Confidence: 96%
Finding: The file hard-codes a Chinese-language targeting policy and enumerates many Telegram channels/groups whose notes reference pornography, drugs, fraud/data trading, and other illicit or sensitive themes, with automatic discovery entries expanding scope further. In this context, the lack of user choice or justification is not merely localization; it reflects a preselected surveillance/collection policy aimed at specific language communities and risky subject matter, increasing the chance of abusive monitoring and collection of illegal or highly sensitive content.

Missing User Warnings

Severity: Medium | Confidence: 84%
Finding: The playbook gives operational guidance for discovering and monitoring Telegram channels tied to fraud, gray-market activity, and abuse, but it omits warnings about legal restrictions, privacy obligations, Telegram ToS/account bans, and analyst safety. In this skill context, that increases the chance users will run collection against risky communities without proper authorization or safeguards, creating compliance and operational risk.

Missing User Warnings

Severity: Medium | Confidence: 93%
Finding: The guide provides root-level installation and network exposure steps that open a public SOCKS5 service on port 1080, plus firewall changes, without strong warnings about security impact. It also includes a hardcoded default password and instructs sharing proxy credentials, which could result in an exposed relay, unauthorized use, credential leakage, or compromise of the VPS/network boundary.

Missing User Warnings

Severity: Medium | Confidence: 89%
Finding: The code sends user-supplied keywords to third-party Telegram search bots, which discloses query content to external operators without any in-file warning, consent flow, or trust boundary control. In this skill’s context, the keywords may represent monitoring targets, investigations, or sensitive topics, so leaking them to unrelated bot operators creates a real privacy and operational-security risk.

VirusTotal

49/49 vendors flagged this skill as clean.