afk-claude-telegram-bridge
Audited by Socket on Mar 4, 2026
3 alerts found:
Anomaly x2, Obfuscated File

The module provides a straightforward, low-risk IPC queue mechanism for a single queued_instruction.json file. It handles missing files gracefully, isolates I/O errors via custom wrappers, and avoids dynamic code execution. Security risks mainly relate to lack of input validation and potential race conditions under concurrent access. Recommended improvements: validate the parsed QueuedInstruction against a strict schema (e.g., ensure text is a string and timestamp is a valid ISO date); bound the text length to prevent oversized payloads; consider implementing file locking or atomic write patterns to avoid race conditions; optionally add schema-based validation and secrets scanning if the payload ever grows in scope.
The skill implements a Telegram-based AFK bridge to control Claude Code with multi-session support and tool-call approvals. While functionally coherent with the stated purpose, the installation approach (curl | bash from a remote URL) and lack of verifiable integrity checks for binaries introduce significant supply-chain and execution risks. Credential exposure (bot token) and a large control surface (remote approvals, multi-session routing) heighten risk in case of channel compromise. Recommend adopting signed/verifiable install artifacts, release pinning and verification, minimized privileged access, per-action user prompts, and secure secret management to reduce risk.
The provided wrapper itself is not directly malicious: argument parsing and UUID generation are benign. However, it delegates all sensitive behavior to a local hook script whose contents are not shown. This delegation creates a significant transitive trust and data-exfiltration risk: a malicious or compromised hook.sh or Telegram endpoint could leak sensitive agent outputs, local credentials, or enable remote control of the session. Treat this feature as high-risk until the bridge implementation is audited: require integrity checks or signing of hook.sh, use strict recipient whitelisting and secure credential storage for Telegram tokens, minimize and redact forwarded data, and adopt explicit per-action approval UI/UX to reduce remote abuse potential.