telegram

SUSPICIOUS: The skill is mostly coherent with its stated purpose and uses an official registry-backed CLI from the same vendor ecosystem, so it does not look malicious. However, all Telegram access and authentication are mediated through Membrane rather than direct Telegram APIs, creating an intermediary data flow and credential-handling trust dependency; combined with mutable latest-version installs, this makes it medium risk rather than benign.