telegram-reply

SUSPICIOUS: the skill’s Telegram reply/file-send behavior is broadly aligned with its stated purpose, but it depends on an unverifiable third-party telclaude CLI and can transmit local/provider files externally. No direct credential harvesting or overtly malicious behavior is present, but install trust and outbound file-transfer capability make it high security risk.