Security audit

Sol Quick Hits

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent AI briefing publisher, but it schedules automatic GitHub publication with local secret use and incomplete permission disclosure.

Install only if you intentionally want an unattended weekday job that uses a MiniMax API key, writes Jekyll posts, commits them, and pushes to the configured GitHub repository. Prefer reviewing the referenced pipeline first and adding a dry-run, branch/staging flow, or manual approval before enabling launchd.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest description says the skill generates a weekday AI briefing, but the body documentation reveals it also auto-commits and pushes changes to GitHub. This is dangerous because users and reviewers may approve a content-generation skill without realizing it also performs publication actions, increasing the risk of unintended remote changes.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
Auto-commit and push materially expands the skill from content drafting into remote state modification, but that behavior is not clearly justified or constrained in the stated purpose. If triggered unexpectedly, it can publish unwanted or manipulated content to a public repository with little user awareness.

Scope Creep

High
Confidence: 97%
Finding
The documentation describes capabilities beyond the declared permission model, including local secret file reads and publication to GitHub, while only listing http.request and file.write. This mismatch undermines informed consent and review, because the effective behavior includes credential access and remote publication not transparently represented by the manifest.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill states that it creates a post and auto-commits/pushes to GitHub but does not present this as a user-facing warning or require acknowledgment. Silent file writes and remote pushes are high-sensitivity side effects that can alter content and publish externally without adequate operator awareness.

Session Persistence

Medium
Category: Rogue Agent
Content:
- Fetches top 30 HN stories, filters for AI keywords
- Fetches top 10 AI-tagged dev.to articles
- Uses MiniMax to pick the 3 most interesting and write a punchy briefing
- Creates a Jekyll post in `_posts/YYYY-MM-DD-quick-hits-DAY.md`
- Auto-commits and pushes to GitHub
Confidence: 90%
Finding
  write a punchy briefing
  - Creates a Jekyll post in `_posts/YYYY-MM-DD-quick-hits-DAY.md`
  - Auto-commits and pushes to GitHub
  ## Schedule
  Runs **weekdays at 8am UK time** via launchd.
  ## Setup Requ

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal