Security audit

Sol Devto Viral

Security checks across malware telemetry and agentic risk

Overview

This skill is a dev.to growth automation tool, but it combines scheduled background execution, local credential use, repository access, and public posting without enough scoping or user control.

Review before installing. Only use this if you are comfortable granting it access to the named local blog repository and API credentials, and if you can verify the external devto-viral.py script. Require dry-run behavior and explicit approval before any dev.to post is published, and move any embedded API key to a safer secret store or environment variable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding:
The documentation explicitly requires a local secrets file and mentions a dev.to API key embedded in a script, which is unsafe credential handling and not clearly bounded by the declared interface. Embedding credentials and directing the skill toward local secret material increases the chance of secret exposure, accidental exfiltration, or reuse outside the intended workflow.

Scope Creep

Severity: High
Confidence: 98%
Finding:
The skill claims it needs access to a local secrets file and a site repository path, which implies local file reads and repository content access beyond the declared permissions. This mismatch is dangerous because it hides the true data access scope, making it easier for the skill to inspect sensitive local content or publish material drawn from the user's filesystem without clear consent.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The description presents a broad 'viral engine' for mining trends, advertising content, and cross-posting posts, but does not define narrow invocation boundaries or user-trigger conditions. In an agent environment, vague activation criteria can cause the skill to run in unrelated contexts and perform network requests, content generation, or publishing actions when the user did not clearly intend that behavior.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The documented behavior includes writing logs, generating promotional comments, and publishing adapted blog posts to dev.to, yet it does not prominently warn users about automated publishing and filesystem modifications. In this context, lack of warning is risky because the skill combines marketing automation with external posting, which can create unintended public content, spam, or local state changes.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The setup section discusses credential locations and an embedded API key without any safety warning, normalization of secure storage, or prohibition on hardcoding secrets. Because this skill also has network and write-related capabilities, normalizing insecure credential practices makes compromise and secret leakage materially more likely.

VirusTotal

VirusTotal findings are pending for this skill version.
