Security audit

Sol Take

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed content-publishing workflow, but it asks for unattended daily posting and GitHub pushes without clear approval or scoping controls.

Install only if you intentionally want this agent to generate posts on a schedule and publish them to the configured GitHub site. Before installing, review the referenced script, scope the repository credential to the least access it needs (a token limited to that one repository, not an account-wide token inherited from the environment), prefer a draft branch or pull-request workflow over direct pushes to the published branch, and require manual approval before any push.
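One way to enforce the last two recommendations on the machine that runs the schedule is a git pre-push hook that lets drafts through and refuses a protected branch unless a person approves at a terminal. The hook below is an added example for this audit page, not part of the Sol Take skill or its referenced script; the branch names (main, gh-pages, draft/*) are assumed.

```python
#!/usr/bin/env python3
"""Git pre-push hook: draft branches only, protected branches need a human.

Added example for this audit page, not part of the Sol Take skill or its
referenced script. Assumed layout: the site is served from main or gh-pages,
drafts go to refs/heads/draft/*. Install as .git/hooks/pre-push (executable);
git feeds "<local ref> <local sha> <remote ref> <remote sha>" lines on stdin
and a non-zero exit aborts the push.
"""
import sys

PROTECTED_REFS = {"refs/heads/main", "refs/heads/gh-pages"}  # assumed site branches
DRAFT_PREFIX = "refs/heads/draft/"                           # assumed draft namespace


def parse_push_lines(lines):
    """Yield (local_ref, remote_ref) pairs from the lines git writes to the hook."""
    for line in lines:
        parts = line.split()
        if len(parts) == 4:
            yield parts[0], parts[2]


def push_decision(remote_ref, approved, interactive):
    """Return (allowed, reason).

    Draft and unprotected refs always pass. A protected ref passes only when a
    terminal was available and the operator answered yes; a scheduled run with
    no terminal is refused, which is exactly the case an unattended daily job hits.
    """
    if remote_ref.startswith(DRAFT_PREFIX):
        return True, "draft branch"
    if remote_ref not in PROTECTED_REFS:
        return True, "unprotected ref"
    if not interactive:
        return False, "unattended push to protected ref refused"
    if approved:
        return True, "operator approved"
    return False, "operator declined"


def ask_operator(remote_ref):
    """Prompt on the controlling terminal; return None when there is none.

    stdin carries the ref list, so the prompt has to go through /dev/tty.
    Cron and similar schedulers have no controlling terminal, so this yields None.
    """
    try:
        with open("/dev/tty", "r+") as tty:
            tty.write(f"Push to protected ref {remote_ref}? [y/N] ")
            tty.flush()
            return tty.readline().strip().lower() == "y"
    except OSError:
        return None


def main():
    for _local_ref, remote_ref in parse_push_lines(sys.stdin):
        allowed, reason = push_decision(remote_ref, approved=False, interactive=False)
        if not allowed:
            answer = ask_operator(remote_ref)
            allowed, reason = push_decision(
                remote_ref, approved=bool(answer), interactive=answer is not None
            )
        if not allowed:
            sys.stderr.write(
                f"pre-push: {reason} ({remote_ref}); push to draft/* and open a pull request\n"
            )
            return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

The hook only governs the clone it is installed in, so pair it with branch protection on the GitHub repository itself (required pull request reviews on the published branch); then even a credential that bypasses the local hook cannot publish without a second person.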

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium, 90% confidence

The manifest and description present the skill as simple content generation, but the documented behavior includes automatically committing and pushing content to GitHub. This mismatch hides a publication side effect from users and reviewers, increasing the chance of unintended repository modification and public release of generated content.

Context-Inappropriate Capability

Severity: Medium, 88% confidence

Auto-committing and pushing to GitHub gives the skill deployment/publication capability beyond merely generating a short opinion piece. If triggered unexpectedly, it can alter site content and publish AI-generated text without review, creating integrity and reputational risk.

Scope Creep

Severity: High, 95% confidence

The skill documentation describes pushing to GitHub, but the declared permissions list only http.request and file.write, a capability/permission mismatch. That discrepancy matters because the declared permissions no longer describe the real security boundary: any review or policy enforcement based on them is unreliable, while the undocumented publication path (the referenced script, or git and credentials inherited from the environment) is what actually runs.
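A reviewer can catch this class of mismatch mechanically by scanning a skill's documentation and scripts for capability indicators and diffing them against the declared permissions. The checker below is an added example for this audit page, not SkillSpector's or the Sol Take skill's code; the manifest shape (a "permissions" list), the permission names beyond http.request and file.write, the indicator patterns, and the sample SKILL.md and publish script are all assumptions constructed for illustration.

```python
"""Capability-vs-permission check for an agent skill's files.

Added example for this audit page, not SkillSpector's or the Sol Take skill's
own code. The manifest shape (a "permissions" list) and the mapping from
textual indicators to permission names are assumptions for illustration.
"""
import re

# Indicators of a capability in documentation or scripts, keyed by the
# permission name that should cover it. Heuristic patterns (assumed); the
# first matching pattern per permission and file is recorded as evidence.
CAPABILITY_RULES = {
    "git.push": [r"\bgit\s+push\b", r"\bgit\s+commit\b"],
    "process.exec": [r"\bsubprocess\.", r"\bos\.system\(", r"\bexec\("],
    "env.read": [r"\bos\.environ\b", r"\bgetenv\(", r"\$\{?[A-Z_]{3,}\}?"],
    "http.request": [r"\brequests\.(?:get|post)\(", r"\bhttps?://", r"\bcurl\b"],
    "file.write": [r"\bopen\([^)]*['\"][wa]['\"]", r"\bwrite_text\(", r"\s>>?\s*\S+"],
}


def scan_sources(sources):
    """Map each capability found to (file, matched text) evidence.

    sources: dict of file name -> file contents (documentation and scripts).
    """
    evidence = {}
    for name, text in sources.items():
        for perm, patterns in CAPABILITY_RULES.items():
            for pat in patterns:
                match = re.search(pat, text)
                if match:
                    evidence.setdefault(perm, []).append((name, match.group(0).strip()))
                    break
    return evidence


def undeclared_capabilities(manifest, sources):
    """Capabilities the files exercise but the manifest never declares."""
    declared = set(manifest.get("permissions", []))
    return {perm: ev for perm, ev in scan_sources(sources).items() if perm not in declared}


def unused_permissions(manifest, sources):
    """Declared permissions with no supporting evidence (over-broad declarations)."""
    declared = set(manifest.get("permissions", []))
    return sorted(declared - set(scan_sources(sources)))


# Constructed sample inputs, not the real Sol Take skill files.
SAMPLE_MANIFEST = {
    "name": "sol-take",
    "permissions": ["http.request", "file.write"],
}

SAMPLE_SOURCES = {
    "SKILL.md": (
        "Generate a short opinion piece daily and publish it.\n"
        "Run scripts/publish.sh, which commits the post and pushes to GitHub.\n"
    ),
    "scripts/publish.sh": (
        "#!/bin/sh\n"
        'curl -s https://api.example.invalid/v1/generate -H "Authorization: Bearer $MODEL_API_KEY" > post.md\n'
        "cp post.md posts/$(date +%F).md\n"
        "git add posts && git commit -m 'daily post' && git push origin main\n"
    ),
}


if __name__ == "__main__":
    for perm, hits in undeclared_capabilities(SAMPLE_MANIFEST, SAMPLE_SOURCES).items():
        for file_name, snippet in hits:
            print(f"UNDECLARED {perm}: {file_name}: {snippet}")
    for perm in unused_permissions(SAMPLE_MANIFEST, SAMPLE_SOURCES):
        print(f"UNUSED {perm}")
```

On the constructed sample the checker reports git.push (from the push in the script) and env.read (from the API key read out of the environment) as undeclared, which is the finding above plus the credential-handling point raised later; treat the output as review leads, not proof, since the patterns are string heuristics and a script that shells out to another tool can hide the same capability.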

Missing User Warnings

Severity: Medium, 86% confidence

The skill writes files and auto-pushes changes without a clear warning that it will modify repository contents and publish them. The risk is higher here because the skill runs on a daily schedule: behaviour that goes unnoticed repeats, and each run makes a persistent, public change.

Missing User Warnings

Severity: Low, 72% confidence

The documentation references a secret API key and external model usage without clearly warning about the outbound requests or how the credential should be handled. While not inherently malicious, this can lead operators to expose the key improperly (for example by placing it in the repository or a committed config) or to underestimate that generated content and its metadata are sent to a third-party service.

VirusTotal

VirusTotal findings are pending for this skill version.