Trust Assessment
telegram-cloud-storage received a trust score of 28/100, placing it in the Untrusted category. The skill has significant security findings that should be resolved before it is used in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 3 high, 1 medium and 0 low severity. In severity order they are: shell command injection via unescaped user input in `scripts/setup.sh` (critical); potential data exfiltration (file read + network send) in two functions of `scripts/client.py` and a path traversal in the same file's file operations (high); and a suspicious import of `requests` (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest of the four, at 55/100.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis of AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Shell command injection via unescaped user input in setup.sh.** `scripts/setup.sh` uses `sed -i` to modify configuration files based on user input for `APP_ID`, `APP_HASH`, `DB_SOURCE`, and `JWT_SECRET`. The values are embedded directly into the `sed` expression without escaping the characters that are special in `sed`'s pattern and replacement syntax (`&`, `\`, `[`, `*`, `.`, and the `/` delimiter; an embedded newline would also end the command). An unescaped delimiter terminates the `s` command early, so the remainder of the value is parsed as further `sed` commands; on GNU sed these include the `e` command, which runs its argument through the shell, so crafted input can lead to remote code execution. Because the same script handles the Telegram API keys, database connection string, and JWT secret, injected commands could also exfiltrate those credentials along with other system information. Remediation: do not concatenate user input into shell or `sed` commands. Rewrite the configuration with a dedicated parser or templating library (e.g. Python's `configparser` or a TOML library), or write the entire `KEY=value` line to a temporary file and replace the original. If `sed` must be used, validate the key against a strict allowlist and escape every user-provided value for `sed`'s regular-expression and replacement syntax. | LLM | scripts/setup.sh:26 |
| HIGH | **Potential data exfiltration: file read + network send.** Function `upload_file` reads files and sends data over the network, which may indicate data exfiltration. Review this function to confirm that file contents go only to the intended Telegram endpoint and not to any other server. For a cloud-storage client this combination is also the skill's stated purpose, so the review is about the destination, not the presence of the pattern. | Static | skills/oki3505f/telegram-cloud-storage/scripts/client.py:53 |
| HIGH | **Potential data exfiltration: file read + network send.** Function `download_file` combines file I/O with network I/O, which triggers the same heuristic; here the expected direction is network receive followed by local file write. Review this function to confirm that nothing read from disk is sent to an external server and that the destination host is the intended one. | Static | skills/oki3505f/telegram-cloud-storage/scripts/client.py:88 |
| HIGH | **Path traversal vulnerability in client.py file operations.** The `upload_file` and `download_file` functions in `scripts/client.py` pass the `local_path` argument, taken from `sys.argv`, straight to `open(local_path, ...)`. Whoever controls that argument (in an AI skill, typically the model acting on a user's request, which a prompt injection can steer) can use traversal sequences such as `../` to read or write files outside the intended skill directory, enabling exfiltration of sensitive system files or unauthorized modification of arbitrary files on the host. Remediation: before opening `local_path`, normalize it with `os.path.abspath()` or `os.path.realpath()` and verify that the result lies strictly within an allowed base directory (the skill's working directory or a secure temporary directory), comparing path components rather than a string prefix so that a sibling directory with a shared name prefix is not accepted. Reject any path that escapes the base directory. | LLM | scripts/client.py:50 |
| MEDIUM | **Suspicious import: requests.** Import of `requests` detected. This module provides network access; network and system modules in skill code may indicate data exfiltration. Verify that the import is necessary and which hosts it is used to contact. | Static | skills/oki3505f/telegram-cloud-storage/scripts/client.py:1 |
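The two code-level findings above (the `sed` splice in `scripts/setup.sh` and the unchecked `local_path` in `scripts/client.py`) share one fix pattern: validate or neutralise the input before it reaches an interpreter. The following is an added example written for this report; it is not code from the telegram-cloud-storage skill or from SkillShield, it assumes a dotenv-style `KEY=value` configuration file, and all function names are invented. It reproduces the flagged `sed` construction only to show the breakout, then gives the escaped form, the `sed`-free rewrite the finding recommends, and a `realpath`/`commonpath` containment check for `local_path`:

```python
# Added example: hardened versions of the two patterns flagged in the report.
# Not code from the telegram-cloud-storage skill or from SkillShield; the
# dotenv-style KEY=value layout and every function name here are assumptions.
import os
import re
import tempfile

KEY_RE = re.compile(r"[A-Z][A-Z0-9_]*")

# ---- CRITICAL finding: values spliced into a sed script --------------------

def unsafe_sed_expression(key: str, value: str) -> str:
    """The flagged pattern, reproduced to show why it is dangerous: the raw value
    lands inside the s/// script, so an unescaped '/' ends the s command early and
    whatever follows is parsed as further sed commands (on GNU sed that includes
    the 'e' command, which runs its argument through the shell)."""
    return f"s/^{key}=.*/{key}={value}/"

def escape_sed_replacement(value: str, delim: str = "/") -> str:
    """Escape a value for the replacement side of s///: backslash, '&' and the
    delimiter are special there, and a newline would start a new sed command."""
    if "\n" in value:
        raise ValueError("newline not allowed in sed replacement")
    return (value.replace("\\", "\\\\")
                 .replace("&", "\\&")
                 .replace(delim, "\\" + delim))

def safe_sed_expression(key: str, value: str) -> str:
    """Same script with the replacement escaped; the key is validated so it
    cannot carry regex or delimiter characters either."""
    if not KEY_RE.fullmatch(key):
        raise ValueError(f"bad config key {key!r}")
    return f"s/^{key}=.*/{key}={escape_sed_replacement(value)}/"

def quote_env(value: str) -> str:
    """Double-quote a value for a shell-sourced KEY=value file, escaping the
    characters that still expand inside double quotes."""
    if "\n" in value or "\r" in value:
        raise ValueError("newline not allowed in config value")
    for ch in ("\\", '"', "$", "`"):          # backslash first, so later escapes survive
        value = value.replace(ch, "\\" + ch)
    return f'"{value}"'

def set_config_values(path: str, updates: dict) -> None:
    """Preferred fix: rewrite KEY=value lines in Python instead of sed. Values are
    written verbatim inside quotes, so no input character can alter another line
    or the file structure. The file is replaced atomically with mode 0600 because
    it holds API keys and a JWT secret."""
    for key in updates:
        if not KEY_RE.fullmatch(key):
            raise ValueError(f"bad config key {key!r}")
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    pending = dict(updates)
    out = []
    for line in lines:
        key = line.split("=", 1)[0].strip()
        out.append(f"{key}={quote_env(pending.pop(key))}" if key in pending else line)
    out.extend(f"{k}={quote_env(v)}" for k, v in pending.items())  # keys not yet present
    tmp_path = path + ".tmp"
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("\n".join(out) + "\n")
    os.replace(tmp_path, path)

# ---- HIGH finding: unchecked local_path from sys.argv ----------------------

def resolve_within(base_dir: str, user_path: str) -> str:
    """Resolve user_path against base_dir and reject it if, after '..' and
    symlinks are resolved, it lies outside base_dir. commonpath is used rather
    than startswith so that a sibling such as base_dir + '2' is not accepted."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"{user_path!r} escapes {base}")
    return candidate

def demo() -> dict:
    """Exercise both fixes on a constructed config in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        work = os.path.join(tmp, "work")
        os.mkdir(work)
        os.mkdir(os.path.join(tmp, "work2"))             # sibling with a shared prefix
        cfg = os.path.join(work, ".env")
        with open(cfg, "w", encoding="utf-8") as fh:     # constructed sample config
            fh.write("APP_ID=\nAPP_HASH=\n# db\nDB_SOURCE=\n")
        hostile = 'x/;p;&"$(id)`'                        # constructed hostile value
        set_config_values(cfg, {"JWT_SECRET": hostile, "APP_ID": "12345"})
        with open(cfg, encoding="utf-8") as fh:
            rewritten = fh.read()
        results = {
            "unsafe_expr": unsafe_sed_expression("APP_ID", "1/;p"),
            "safe_expr": safe_sed_expression("APP_ID", "1/;p"),
            "rewritten": rewritten,
            "ok_path": resolve_within(work, "notes.txt")
                       == os.path.join(os.path.realpath(work), "notes.txt"),
        }
        for bad in ("../etc/passwd", "/etc/passwd", "../work2/x"):
            try:
                resolve_within(work, bad)
                results[bad] = "accepted"
            except PermissionError:
                results[bad] = "rejected"
        return results

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

`unsafe_sed_expression` is kept only as the "before" picture: with the value `1/;p` it yields `s/^APP_ID=.*/APP_ID=1/;p/`, where everything after the third `/` is a new `sed` command. `set_config_values` is the shape the remediation calls for: the file is rewritten line by line, so `sed` never sees the secret at all.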
Full report: https://skillshield.io/report/0a33d24f85f95143 (Powered by SkillShield)