telegram-usage

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses execSync in handler.js to run the local command clawdbot models status. This is a legitimate functional requirement for retrieving quota information, but it is nonetheless a use of system-level command execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of untrusted session data.
  • Ingestion points: The script session-reader.js reads session metadata from sessions.json and conversation transcripts from .jsonl files in the user's home directory.
  • Boundary markers: No delimiters or instructions are used to separate transcript content (which may contain text written by a third party) from the skill's own logic when reading transcripts.
  • Capability inventory: The skill possesses the ability to read and write to the file system and execute local shell commands.
  • Sanitization: The formatStats function in session-reader.js interpolates fields such as stats.model and stats.provider directly into an HTML-formatted Telegram message without escaping. Because Telegram's HTML parse mode interprets unescaped <, > and & in the message text, malicious content in a session's metadata can inject its own markup into, or break the formatting of, the stats that are displayed.
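The unescaped interpolation described in the Sanitization finding, shown beside an escaped variant, as an added example. This is not the skill's own code (the real formatStats is not reproduced on this page); only the field names stats.model and stats.provider come from the audit, while the sample session values, the message layout and the helper names are assumptions made for illustration.

```javascript
// Added example, not code from the telegram-usage skill. Field names follow
// the audit; the sample values and message layout are assumptions.

// Constructed sample: session metadata whose model field carries markup,
// as anything able to write to a transcript or sessions.json could plant.
const SAMPLE_STATS = {
  model: 'gpt-4o</b> <a href="https://evil.example">Renew your quota</a><b>',
  provider: 'openai & co',
  messages: 12,
};

// Vulnerable pattern as described in the audit: untrusted fields are
// dropped straight into the HTML-formatted message.
function formatStatsUnsafe(stats) {
  return [
    `<b>Model:</b> ${stats.model}`,
    `<b>Provider:</b> ${stats.provider}`,
    `<b>Messages:</b> ${stats.messages}`,
  ].join('\n');
}

// Telegram's HTML parse mode requires every <, > and & that is not part of
// a tag or entity to be written as &lt;, &gt; and &amp;. Escape & first so
// the entities produced by the other two replacements are not re-escaped.
function escapeTelegramHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Hardened form: only the formatter's own <b> tags reach Telegram as markup.
function formatStatsSafe(stats) {
  return [
    `<b>Model:</b> ${escapeTelegramHtml(stats.model)}`,
    `<b>Provider:</b> ${escapeTelegramHtml(stats.provider)}`,
    `<b>Messages:</b> ${escapeTelegramHtml(stats.messages)}`,
  ].join('\n');
}

// Check helper: list the tag names in a message that the formatter did not
// author. Anything other than <b> came from the data, not from the code.
function foreignTags(message, allowed = new Set(['b'])) {
  const names = [];
  for (const m of message.matchAll(/<\/?([A-Za-z][A-Za-z0-9]*)[^>]*>/g)) {
    const name = m[1].toLowerCase();
    if (!allowed.has(name)) names.push(name);
  }
  return names;
}

// Summary of both renderings against the constructed sample.
function demo(stats = SAMPLE_STATS) {
  return {
    unsafeForeignTags: foreignTags(formatStatsUnsafe(stats)),
    safeForeignTags: foreignTags(formatStatsSafe(stats)),
    safeMessage: formatStatsSafe(stats),
  };
}

console.log(demo());
```

The unsafe rendering lets the session's model field open its own `<a>` link in the Telegram message, while the escaped rendering shows the same payload as literal text; `foreignTags` is the check to run over whatever the formatter produces.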
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 09:21 AM