Is acastellana/telebiz-mcp-skill safe?

https://github.com/openclaw/skills/tree/main/skills/acastellana/telebiz-mcp-skill

94
SAFE

This is a legitimate Telegram MCP integration skill that provides chat management, messaging, and search capabilities via a browser-based Telegram client. The skill communicates only with local WebSocket/HTTP endpoints (ports 9716/9718) and requires user authentication through the external telebiz.io service. No prompt injection, data exfiltration, or malicious code patterns were detected. The skill includes appropriate security documentation and rate limiting.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW HTTP server allows all CORS origins 5

The HTTP server (http-server.js) sets Access-Control-Allow-Origin: '*', which allows any origin to make requests. This is standard for MCP servers but worth noting.

LOW Local state file storage 5

The monitor and health scripts store state in ~/.telebiz-mcp-state.json. This is expected behavior for state tracking but stores local process information.

INFO Security depends on external telebiz.io service 0

The skill relies on telebiz.io browser client running in user's browser. Security depends on that external service's integrity. This is documented in SKILL.md.