Security audit

Sol Weekly Roundup

Security checks across malware telemetry and agentic risk

Overview

The skill appears to help curate/write content but also auto-commits and pushes changes to GitHub, which is a high-impact publishing action that is not clearly scoped or disclosed.

Install only if you expect this skill to modify a repository and publish to GitHub. Before use, require a visible diff and explicit confirmation before any commit or push, and check which repository, branch, and GitHub credentials it will use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity
Medium
Confidence
96%
Finding
The manifest and description present the skill as a content-curation/writing tool, but the documented behavior includes auto-committing and pushing changes to GitHub. This is a material capability expansion because publication-side effects can modify remote state and expose content publicly without being clearly disclosed in the declared purpose.

Context-Inappropriate Capability

Severity
Medium
Confidence
95%
Finding
Auto-committing and pushing to GitHub is more sensitive than simply curating and writing a roundup because it performs irreversible or externally visible actions. In this context, the extra capability increases the risk of unauthorized publication, repository tampering, or accidental distribution of low-quality or manipulated content.

Scope Creep

Severity
High
Confidence
98%
Finding
The skill documentation states it will auto-commit and push to GitHub, but the declared permissions only mention http.request and file.write; nothing in the manifest declares the ability to rewrite a local repository's history or to push under the user's GitHub identity. This mismatch is dangerous because it hides an external publication capability from permission review, undermining informed consent and making it harder to assess the real blast radius of the skill.

Missing User Warnings

Severity
Medium
Confidence
94%
Finding
The skill writes into a local site repository and then auto-pushes changes to GitHub, but the description does not clearly warn the user about these side effects. Lack of explicit warning is risky because users may invoke what appears to be a simple summarization skill without realizing it can modify local content and publish remotely.
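As an added example (not code from SkillSpector or from the Sol Weekly Roundup skill), the two checks a reviewer would run before installing: comparing the documented behaviour against the declared permissions, as in the Scope Creep finding, and inspecting where a push would actually land and with which credentials, as the Overview recommends. The manifest layout, the permission names git.commit, git.push, process.root and env.read, and the git command outputs are assumptions constructed for illustration; only http.request and file.write come from the report.

```python
"""Pre-install review helpers for an agent skill that commits and pushes.

Added example for this report page; not code from SkillSpector or from the
Sol Weekly Roundup skill. Assumptions: the manifest is a dict with a
"permissions" list, the permission names git.commit / git.push / process.root /
env.read are invented for illustration, and the git outputs below are
constructed samples. Only "http.request" and "file.write" come from the report.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: what the report says the skill declares and documents.
SAMPLE_MANIFEST = {
    "name": "Sol Weekly Roundup",
    "description": "Curate and write a weekly roundup post.",
    "permissions": ["http.request", "file.write"],
}
SAMPLE_DOCS = """Writes the roundup into the local site repository,
then auto-commits and pushes the changes to GitHub."""

# Documented behaviour -> permission it ought to declare (assumed names).
CAPABILITY_SIGNATURES = {
    r"\bauto-?commits?\b|\bgit commit\b": "git.commit",
    r"\bpush(?:es|ed|ing)?\b[^.]*\b(?:github|remote|origin)\b|\bgit push\b": "git.push",
    r"\bsudo\b|\bas root\b": "process.root",
    r"\benvironment variables?\b|\bos\.environ\b": "env.read",
}


def undeclared_capabilities(manifest, docs):
    """Permissions the documentation implies but the manifest omits."""
    declared = set(manifest.get("permissions", []))
    text = " ".join(docs.split())  # join wrapped lines so multi-word phrases match
    implied = {perm for pat, perm in CAPABILITY_SIGNATURES.items()
               if re.search(pat, text, re.IGNORECASE)}
    return sorted(implied - declared)


# Constructed sample of `git remote -v` output for the skill's target
# repository, plus the values `git symbolic-ref --short HEAD` and
# `git config credential.helper` might return.
SAMPLE_REMOTES = """origin\thttps://ghp_EXAMPLETOKEN@github.com/example-org/site.git (fetch)
origin\thttps://ghp_EXAMPLETOKEN@github.com/example-org/site.git (push)
upstream\tgit@github.com:example-org/site.git (fetch)
upstream\tgit@github.com:example-org/site.git (push)
"""
SAMPLE_BRANCH = "main"
SAMPLE_CREDENTIAL_HELPER = "store"


def push_targets(remote_output):
    """Map each remote name to its push URL, host, and whether a credential is embedded."""
    targets = {}
    for line in remote_output.splitlines():
        if not line.strip():
            continue
        name, url, kind = line.split()
        if kind != "(push)":
            continue
        if "://" in url:  # https://user:token@host/owner/repo.git
            parts = urlsplit(url)
            host = parts.hostname
            embedded_secret = parts.username is not None or parts.password is not None
        else:  # scp-style git@host:owner/repo.git carries no password in the URL
            host = url.split("@", 1)[-1].split(":", 1)[0]
            embedded_secret = False
        targets[name] = {"url": url, "host": host, "embedded_secret": embedded_secret}
    return targets


def review_push_plan(targets, remote, branch, credential_helper,
                     allowed_hosts=("github.com",), protected=("main", "master")):
    """Reasons to stop and ask before letting the skill run `git push`."""
    findings = []
    if remote not in targets:
        return [f"remote {remote!r} has no push URL"]
    target = targets[remote]
    if target["host"] not in allowed_hosts:
        findings.append(f"push goes to unexpected host {target['host']}")
    if target["embedded_secret"]:
        findings.append("credential embedded in the remote URL; it sits in .git/config in plaintext")
    if branch in protected:
        findings.append(f"skill would push straight to protected branch {branch!r}")
    if credential_helper == "store":
        findings.append("credential.helper=store keeps the token in plaintext on disk")
    return findings


if __name__ == "__main__":
    print("undeclared:", undeclared_capabilities(SAMPLE_MANIFEST, SAMPLE_DOCS))
    for reason in review_push_plan(push_targets(SAMPLE_REMOTES), "origin",
                                   SAMPLE_BRANCH, SAMPLE_CREDENTIAL_HELPER):
        print("push review:", reason)
```

The keyword signatures are deliberately coarse: they are a triage aid that surfaces a manifest worth reading by hand, not a substitute for reading the skill's code. The push review answers the Overview's questions (which remote, which branch, which credentials) from outputs you can collect with plain git commands before the skill is ever invoked.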

VirusTotal

60/60 vendors returned a clean verdict for this skill. A clean antivirus result does not address the findings above: auto-committing and pushing to GitHub is legitimate functionality as far as malware scanners are concerned, so the capability and disclosure gaps still need to be reviewed by hand.