telegram-auto-topic

clawhub:telegram-auto-topic

View source

85/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

85/100

HIGH 1

LOW 1

Findings (2)

HIGH

Capability escalation MCP_009

mcp-attack L107

Detects excessive or dangerous capability requests in MCP configurations

Permissions:** Bot needs admin

FIX

Restrict the tool to well-defined scopes and prevent it from requesting all permissions. Implement least-privilege access controls and audit permission grants.

FP?

Likely FP if the match is a tool description documenting available permission scopes, not a tool that actually requests overly broad access.

LOW

Shell script file execution CMDEXEC_013

command-execution L65

Detects execution of shell script files via bash/sh command or direct invocation

bash
scripts/telegram-auto-topic.sh

FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.