claudeclaw

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the user to paste the BotFather API token and pairing codes directly into CLI commands (e.g., "/telegram:config YOUR_BOT_TOKEN" and pasting the pairing code), which requires the agent to receive and potentially echo/handle secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly configures Claude to receive and act on live, user-generated Telegram messages via the Channels plugin (see "plugin:channels telegram@claude-plugins/official" in Step 3 and the message-based tests in Step 5), so untrusted third‑party content from Telegram is ingested and can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly installs and runs the external plugin "telegram@claude-plugins/official" at runtime (via "install telegram@claude-plugins/official" and "plugin:channels telegram@claude-plugins/official"), which will fetch and execute remote plugin code and allow Telegram to push prompts directly into the Claude session, so it directly controls agent prompts.