High-risk tools in MCP-Telegram

High severity MCP-Telegram MCP Server 4 of 181 tools

4 of the 181 tools in MCP-Telegram are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

telegram-report-story Execute

Report a story via the multi-step option flow. First call with option:
telegram-toggle-anti-spam Execute

Enable or disable aggressive anti-spam filtering in a supergroup. Supergroup only (not broadcast channels); requires admin with ban_users permission
telegram-login Execute

Login to Telegram via QR code. Returns QR image. IMPORTANT: pass the entire result to user without modifications.
telegram-press-button Execute

Press an inline keyboard callback button on a message. Identify the button by (row, column) from its replyMarkup, or pass raw callback_data as base64. URL, switch-inline, game a...

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in MCP-Telegram

Tools at high risk

Attacks that target this class

More on MCP-Telegram

Enforce policy on every MCP-Telegram tool call.