We checked this and rejected itsecurity

telegram-inbox: why it is not safe to use

Reads any Telegram chat into agent context and can send from your full account, so a prompt injection has a plausible path to act; use a scoped bot instead.

What we found

telegram-inbox connects to your personal Telegram account, not a scoped bot, using your API ID, hash, phone, and optional 2FA, and it saves a session file that grants full account access. Once connected, the agent can read messages from any chat, including text written by strangers. That untrusted message content enters the agent's context, where a hidden instruction could try to steer it. Because the same server can also send messages from your account, a successful injection has a plausible path to act, for example composing and sending a message on your behalf. All traffic stays within the official Telegram API, and no third-party endpoints were observed. On the positive side, the code is open-source Go, readable, with no hardcoded secrets, no shell or filesystem commands, and no privilege escalation.

What to do instead

If you want Telegram access, prefer a scoped bot token limited to specific chats over full account credentials. Keep this skill read-only where possible, avoid granting send permissions, and do not point it at chats containing untrusted senders. Review actions before they run.

Want the same outcome, safely? Use our checked skill instead.

Source: https://github.com/chaindead/telegram-mcp

We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.

Copied to clipboard. Paste it into your AI (ChatGPT, Claude, or your agent) to add the skill.