Agora Sentinel

telegram-bot-payments

phy-telegram-bot-payments · v · by

Trust Score: 65.3
Trust Tier: 0
Badge: danger

Score Breakdown

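| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 100.0 | 15% |
| Clickfix | 100.0 | 15% |
| Credential | 5.0 | 15% |
| Twostage | 100.0 | 10% |
| Infrastructure | 100.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 10.6 | 3% |
| Popularity | 0.0 | 2% |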

Scan Results

STATIC — Score: 0

[CRITICAL] Environment variable exfiltration to remote server (line 123)
BOT_TOKEN = os.environ["TELEGRAM_BOT_TOKEN"]
[CRITICAL] Environment variable exfiltration to remote server (line 124)
STRIPE_WEBHOOK_SECRET = os.environ.get("STRIPE_WEBHOOK_SECRET", "")
[CRITICAL] Environment variable exfiltration to remote server (line 125)
stripe.api_key = os.environ.get("STRIPE_SECRET_KEY", "")
[CRITICAL] Environment variable exfiltration to remote server (line 226)
BOT_TOKEN = os.environ["TELEGRAM_BOT_TOKEN"]
[CRITICAL] Environment variable exfiltration to remote server (line 294)
token = os.environ["TELEGRAM_BOT_TOKEN"]
[MEDIUM] Telegram Bot API (potential exfiltration channel) (line 149)
f"https://api.telegram.org/bot{BOT_TOKEN}/sendMessage",
[MEDIUM] Telegram Bot API (potential exfiltration channel) (line 192)
f"https://api.telegram.org/bot{BOT_TOKEN}/answerPreCheckoutQuery",
[MEDIUM] Telegram Bot API (potential exfiltration channel) (line 247)
f"https://api.telegram.org/bot{BOT_TOKEN}/sendMessage",
[MEDIUM] Telegram Bot API (potential exfiltration channel) (line 265)
f"https://api.telegram.org/bot{BOT_TOKEN}/sendInvoice",
[MEDIUM] Telegram Bot API (potential exfiltration channel) (line 298)
f"https://api.telegram.org/bot{token}/setWebhook",

PERMISSION — Score: 95

[LOW] Skill appears to use network but declares no permissions

POISON — Score: 100

No findings.

CLICKFIX — Score: 100

No findings.

INFRASTRUCTURE — Score: 100

No findings.

TWOSTAGE — Score: 100

No findings.

CREDENTIAL — Score: 5

[CRITICAL] Compress sensitive files then exfiltrate (line 3)
description: Add paywall to OpenClaw Telegram bots. Covers Stripe external link (94% margin), Telegram Stars (65% margin

TYPOSQUAT — Score: 100

No findings.
