AI agents use send_telegram to create or update resources in Crypto Multi-MCP Hub — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Crypto Multi-MCP Hub environment.
This tool sends a message to an external Telegram bot, which is a write/notification action. It creates outbound communication but does not delete data or execute code. However, in the context of a crypto trading hub, misuse could leak sensitive trading information or be used to exfiltrate data, warranting medium severity.
From the tool's definition Send a message to a Telegram bot
Documented attack patterns abuse exactly the kind of access send_telegram gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Crypto Multi-MCP Hub, and nothing reaches the server without passing your rules. This is the rule we recommend for send_telegram:
{
"version": "1",
"default": "deny",
"tools": {
"send_telegram": {
"limits": [
{
"counter": "send_telegram_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}send_telegram stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Send a message to a Telegram bot. It is categorised as a Write tool in the Crypto Multi-MCP Hub MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Crypto Multi-MCP Hub MCP server in PolicyLayer and add a rule for send_telegram: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Crypto Multi-MCP Hub. Nothing to install.
send_telegram is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the send_telegram rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for send_telegram. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
send_telegram is provided by the Crypto Multi-MCP Hub MCP server (pellenybe/crypto-mcp-server---by-corax-colab). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Start from Crypto Multi-MCP Hub, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.
Free to start. No card required.
48 Crypto Multi-MCP Hub tools catalogued and risk-classified — across an index of 43,000+ MCP servers.