Trust Assessment
telegram-create-bot received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Command Injection in Example Echo Bot Script, Excessive Permissions: Capability to Upload Arbitrary Local Files, Potential Data Exfiltration via Webhook URL Manipulation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection in Example Echo Bot Script The 'Simple echo bot' example script constructs a `curl` command where user-provided text (`$TEXT`) is directly interpolated into a JSON string within the `-d` argument. This is vulnerable to shell command injection if the `$TEXT` variable contains malicious characters (e.g., `"`, `\`, or shell metacharacters) that can break out of the JSON string and execute arbitrary commands on the host system. Properly escape user-provided input before embedding it into shell commands or JSON strings. For bash, consider using `jq` to construct the JSON payload safely, e.g., `jq -n --arg chat_id "$CHAT_ID" --arg text "You said: $TEXT" '{"chat_id": $chat_id, "text": $text}'` and then pass this to `curl -d @-`. | LLM | SKILL.md:199 | |
| HIGH | Excessive Permissions: Capability to Upload Arbitrary Local Files The `sendPhoto` and `sendDocument` examples demonstrate the use of `curl -F "file=@/path/to/file"`, which allows the skill to read and upload local files from the host system. If the skill were to accept user-controlled file paths for these operations, it could lead to arbitrary file reading and exfiltration of sensitive data from the system where the skill is executed. If file paths are to be accepted from user input, implement strict validation and sanitization to prevent path traversal and ensure only authorized files or directories can be accessed. Consider restricting file access to a sandboxed environment or using a dedicated file upload mechanism with strong security controls. | LLM | SKILL.md:90 | |
| MEDIUM | Potential Data Exfiltration via Webhook URL Manipulation The `setWebhook` example demonstrates how to configure a URL where Telegram will send updates. If the skill allows an attacker to specify an arbitrary URL for this webhook, all incoming messages and bot interactions could be redirected to an attacker-controlled server, leading to exfiltration of sensitive user data. If the skill exposes webhook configuration, ensure that the `url` parameter is strictly validated against a whitelist of allowed domains or patterns, or that it can only be set to a secure, controlled endpoint managed by the skill's legitimate operator. | LLM | SKILL.md:144 |
Scan History
Embed Code
[](https://skillshield.io/report/bbd131c36bb76ce1)
Powered by SkillShield