afk-claude-telegram-bridge

The skill presents a coherent but high-risk integration: a Telegram-based AFK bridge that installs and runs external binaries via a curl | bash installer, stores bot credentials locally, and enables remote control of Claude Code sessions with tool-call approvals. While the described functionality matches a legitimate productivity/presence feature, the combination of download-execute installation, credential exposure, and cross-process data flow creates significant security concerns. The footprint is disproportionately risky for a skill intended to manage remote tool usage, and the data ingress/egress points (Telegram API, GitHub binaries, local IPC) introduce multiple potential exfiltration and code-injection vectors. Overall assessment: SUSPICIOUS due to dangerous install pattern and credential exposure, with potential for misuse if not strictly sandboxed and auditable.