telegram-skills-bin

Fail

Audited by Snyk on Jun 20, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). Yes — this is a direct download of a prebuilt executable from a third‑party GitHub Releases repo (roziscoding/telegram‑skills) that is executed without checksum/signature verification, a common malware distribution vector even if the release is version‑pinned.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 20, 2026, 06:05 PM
Issues
2
Security Audit — snyk — telegram-skills-bin