Trust Assessment
telegram-bot received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Command Injection via Unescaped User Input in Shell Commands, Command Injection via File Path in `curl -F`, Data Exfiltration via Arbitrary Webhook URL.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via Unescaped User Input in Shell Commands The skill's example bash script directly embeds potentially user-controlled variables (`$CHAT_ID`, `$TEXT`) into a double-quoted string that forms a JSON payload for a `curl` command. If `$TEXT` contains shell metacharacters (e.g., `"$(evil_command)"`) or unescaped double quotes, it can break out of the JSON string and execute arbitrary commands on the host system. This is a classic command injection vulnerability. Always properly escape or sanitize user-controlled input before embedding it into shell commands or JSON strings. For JSON, use a dedicated JSON library or tool (like `jq -c .` with a carefully constructed JSON object) to ensure proper quoting and escaping. For shell commands, use `printf %q` or similar mechanisms to escape arguments. | LLM | SKILL.md:210 | |
| HIGH | Command Injection via File Path in `curl -F` The `sendPhoto` and `sendDocument` examples use `curl -F 'photo=@/path/to/image.jpg'` and `curl -F 'document=@/path/to/file.pdf'`. If the file path (`/path/to/image.jpg` or `/path/to/file.pdf`) is derived from untrusted user input and contains shell metacharacters (e.g., `$(evil_command)`), it could lead to arbitrary command execution on the host system. Ensure that any file paths provided by the user are strictly validated and sanitized to prevent shell metacharacters. Consider using a more robust file handling mechanism that doesn't directly embed user input into shell commands, or explicitly escape the path using `printf %q`. | LLM | SKILL.md:101 | |
| HIGH | Data Exfiltration via Arbitrary Webhook URL The `setWebhook` command allows setting an arbitrary URL for Telegram updates. If an attacker can control the `url` parameter, they can direct all future Telegram updates (which may contain sensitive user messages, chat IDs, and other data) to a server they control, leading to data exfiltration. Implement strict validation and whitelisting for webhook URLs. Only allow URLs from trusted domains or specific, pre-approved endpoints. Ensure the LLM is constrained from generating arbitrary URLs for this parameter. | LLM | SKILL.md:143 | |
| MEDIUM | Data Exfiltration via Arbitrary File Upload The `sendPhoto` and `sendDocument` commands allow uploading local files to Telegram. If the LLM is prompted to send a user-specified file path, and that path points to sensitive data on the host system, the skill could facilitate the exfiltration of that data to the Telegram API. While the Telegram API is a legitimate service, the ability to upload arbitrary local files without strict controls poses a risk. Implement strict validation and access controls for file paths provided by the user. Only allow access to files within a designated sandbox directory or explicitly approved paths. Avoid allowing the LLM to specify arbitrary file paths for upload. | LLM | SKILL.md:101 |
Scan History
Embed Code
[](https://skillshield.io/report/ff60725af2ebb2df)
Powered by SkillShield