News Collect

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local news-collection wrapper that writes disclosed report files and does not show hidden or destructive behavior.

Install only in a repository where creating files under content-production/inbox/ is acceptable. Avoid putting secrets or private notes in the request file, expect raw fetched content and stderr to be archived, and review the repo-local news-aggregator-skill dependency because it performs the external news fetching.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes capabilities to read files, invoke shell commands, and write reports/JSON, but it does not declare permissions or otherwise surface those capabilities explicitly. That creates a transparency and consent problem: a caller may invoke the skill expecting a passive formatter while it can modify repository state and execute local commands through the runtime.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The declared purpose frames the skill as a news collection and normalization wrapper, but the documented behavior also includes editorial scoring, audience analysis, headline generation, and recommendation logic. This mismatch is dangerous because users and policy layers may approve the skill for simple collection while it actually performs additional content-generation and decision-support functions that can influence outputs beyond the stated scope.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation instructs the agent to write markdown and raw JSON files into repository directories without warning the user that local data will be modified. In an agent setting, silent writes can overwrite prior artifacts, create unwanted commits, or store sensitive fetched content in tracked paths, making this an integrity and data-governance risk.

VirusTotal

66/66 vendors flagged this skill as clean.
