Security audit

Sol Midweek News

Security checks across malware telemetry and agentic risk

Overview

This skill is an AI news-digest helper, but it describes automatic GitHub publishing and local secret use without enough scoping or user control.

Review this before installing. It is not evidence of malware, but only use it in a repository you intend to publish from, with a least-privilege MiniMax key and GitHub credentials, and make commit/push or launchd scheduling a separate explicit step you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The documented behavior includes automatically committing and pushing generated content to GitHub, which extends beyond merely generating a digest and creates an external side effect with publication consequences. In a skill with write and network capabilities, this can cause unintended content publication or repository modification without an explicit, narrowly scoped user approval step.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill requires a local secrets file for a MiniMax API key, implying access to sensitive local material that is not reflected in the declared permissions or user-facing description. Even if intended for legitimate API use, undocumented secret access broadens the trust boundary and increases the risk of credential exposure or misuse.

Scope Creep

High
Confidence: 96%
Finding
The documented setup indicates behavior beyond the manifest's declared permissions, including local file reads for secrets and Git operations for commit/push. This mismatch is dangerous because reviewers and users may approve the skill under a false assumption of limited capability while it actually performs broader local access and remote modification actions.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill description does not prominently warn that it will write a post file and automatically commit/push changes, which are significant side effects for a content-generation task. Lack of transparent disclosure increases the likelihood of users authorizing the skill without understanding that it can persist and publish generated output.

VirusTotal

VirusTotal findings are pending for this skill version.
