Skills
skills/holon-run/uxc/telegram-openapi-skill/Gen Agent Trust Hub

telegram-openapi-skill

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the 'uxc' utility and its linked alias 'telegram-openapi-cli' to perform Telegram Bot API operations. This is the intended core functionality.
  • [EXTERNAL_DOWNLOADS]: The skill configuration involves downloading a curated OpenAPI specification from the vendor's official GitHub repository at 'https://raw.githubusercontent.com/holon-run/uxc/main/skills/telegram-openapi-skill/references/telegram-bot.openapi.json'.
  • [CREDENTIALS_UNSAFE]: Authentication is handled securely by instructing the user to provide a bot token via an environment variable ('TELEGRAM_BOT_TOKEN'), which is then managed by the 'uxc auth' credential system.
  • [DATA_EXFILTRATION]: The skill communicates with 'https://api.telegram.org' to send and receive bot data. This network activity is limited to the official Telegram Bot API domain.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 03:14 AM
Security Audit — agent-trust-hub — telegram-openapi-skill