Google Alerts Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill appears to only fetch Google Alerts RSS results and format them for keyword monitoring.

Before installing, confirm you are comfortable sending your monitored keywords and Google Alerts feed identifier to Google Alerts. Run it as a normal user, keep the feed ID out of shared logs or screenshots, and review automated reports before forwarding them elsewhere.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill declares executable capabilities requiring bash, curl, and python3 and explicitly performs external fetches, but it does not declare any permissions model for network or shell access. That mismatch can cause agents or operators to invoke a skill with broader execution and outbound connectivity than expected, reducing sandboxing transparency and increasing the chance of unintended data exposure or command execution in permissive runtimes.

External Script Fetching

High

Category: Supply Chain
Content: - GOOGLE_ALERT_FEED_ID bins: - bash - curl - python3 ---
Confidence: 88% confidence
Finding: curl - python3 --- # Google Alerts Monitor Keyword monitoring with Hootsuite-style output. Free, no API keys required. ## What This Skill Does - Fetches Google Alerts RSS feeds for your ke

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal