add-telegram-swarm

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: Modifies core application source code files, including 'src/telegram.ts', 'src/config.ts', and 'src/ipc.ts', to integrate new functionality directly into the host logic.
  • [COMMAND_EXECUTION]: Alters system-level persistence by modifying the '~/Library/LaunchAgents/com.bastionclaw.plist' file and using 'launchctl' to reload the service.
  • [COMMAND_EXECUTION]: Performs broad file system operations and rebuilds the application environment using shell commands like 'npm run build' and './container/build.sh'.
  • [COMMAND_EXECUTION]: Uses 'sqlite3' to query a local database ('store/messages.db') and uses the resulting data to drive file system actions such as creating directories and copying scripts.
  • [CREDENTIALS_UNSAFE]: Instructs the agent to request the user's Gemini API key and append it to the local '.env' file during the setup phase.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 12:13 AM
Security Audit — agent-trust-hub — add-telegram-swarm