IceCube Reddit Scout

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Reddit monitoring skill, but it asks for sensitive inbox/session-style access and persistent lead logging without enough boundaries.

Install only if you are comfortable with an agent that may query Reddit, store mention logs locally, use Reddit OAuth or a logged-in browser, and potentially process Reddit alert emails. Use a dedicated Reddit app/token and a dedicated email label or mailbox, avoid storing raw email bodies or full comment text, review/delete memory logs periodically, and require human approval before posting replies or sending outreach.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares only a binary requirement for curl but provides shell commands and an operational workflow that performs external network access, polling, and file writes without clearly declaring those capabilities as permissions. This can cause the agent to invoke shell/network behavior unexpectedly under a benign-looking skill, reducing user visibility into what the skill can do.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger description uses broad phrases like brand monitoring, lead generation, keyword alerts, and track mentions, which are common user intents and can cause overbroad auto-invocation. In this skill, that matters because activation leads to external querying, possible email processing, and persistent storage of extracted data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill says it reads Reddit keyword alert emails and extracts context, but the description does not clearly warn users that notification emails will be accessed and their contents processed. Email ingestion can expose unrelated personal or sensitive data, and users may not realize a monitoring skill is reading mailbox content at all.

Missing User Warnings

Low
Confidence
93% confidence
Finding
The workflow writes monitoring results to memory files and may add items to unclosed_work.yaml, but this persistence is not prominently disclosed as a data-handling behavior. Silent local retention increases privacy and security risk because harvested Reddit content, inferred intent, and operational notes may accumulate without user awareness or retention limits.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persists Reddit search terms and matching post metadata to a dated file under the user's home directory without any notice, consent, retention limit, or opt-out. Even though the source data is public, the stored query history can reveal the user's research interests, targets, or lead-generation activity and may be accessible to other local users, backups, or later tooling.

Context Leakage

High
Category
Data Exfiltration
Content
### Step 2: Extraction
When keyword found:
- Extract thread title, content, score, comments
- Detect intent signal (wish/need/looking_for)
- Calculate relevance score
Confidence
90% confidence
Finding
Extract thread

VirusTotal

66/66 vendors flagged this skill as clean.
