Trust Assessment
telegram-pairing-approver received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 12 findings: 11 critical, 1 high, 0 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Arbitrary command execution, Command Injection via unescaped BOT_TOKEN.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (12)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions: systemd service persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/crazypeace/telegram-pairing-approver/scripts/deploy.js:172 |
| CRITICAL | Arbitrary command execution: Python dynamic code execution (exec/eval/compile). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/crazypeace/telegram-pairing-approver/scripts/deploy.js:67 |
| CRITICAL | Arbitrary command execution: Node.js child_process require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/crazypeace/telegram-pairing-approver/scripts/deploy.js:4 |
| CRITICAL | Arbitrary command execution: Node.js child_process require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/crazypeace/telegram-pairing-approver/scripts/deploy.js:21 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/crazypeace/telegram-pairing-approver/scripts/deploy.js:136 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/crazypeace/telegram-pairing-approver/scripts/deploy.js:161 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/crazypeace/telegram-pairing-approver/scripts/deploy.js:166 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/crazypeace/telegram-pairing-approver/scripts/deploy.js:172 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/crazypeace/telegram-pairing-approver/scripts/deploy.js:173 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/crazypeace/telegram-pairing-approver/scripts/deploy.js:178 |
| CRITICAL | Command Injection via unescaped BOT_TOKEN: The `BOT_TOKEN` provided as a command-line argument is directly embedded into a JavaScript string literal within the generated `simple_telegram_bot.js` file without proper escaping. If the `BOT_TOKEN` contains characters like a single quote ('), an attacker can break out of the string literal and inject arbitrary JavaScript code. This injected code will then be executed when the `simple_telegram_bot.js` script is run by Node.js, leading to arbitrary code execution on the host system. The `BOT_TOKEN` must be properly escaped before being embedded into the JavaScript string literal. A safer approach would be to pass the `BOT_TOKEN` as an environment variable to the bot script, rather than embedding it directly into the code. For example, use `process.env.BOT_TOKEN` in the bot script and set `Environment=BOT_TOKEN=${BOT_TOKEN}` in the systemd service file. | LLM | scripts/deploy.js:24 |
| HIGH | Excessive Permissions: Service runs as root. The generated systemd service file (`telegram-pairing-bot.service`) is configured to run the Telegram bot as the `root` user. This grants the bot, and any commands it executes (including the `openclaw pairing approve telegram` command), full system privileges. If the bot is compromised, an attacker could leverage these root privileges to perform arbitrary actions on the host system, leading to a complete system takeover. Configure the systemd service to run as a dedicated, unprivileged user. Create a new system user specifically for this service (e.g., `telegram-bot`) and set `User=telegram-bot` in the service file. Ensure this user has only the minimum necessary permissions to operate. | LLM | scripts/deploy.js:132 |