Security audit

ntfy-notify

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward ntfy.sh notification sender, with the main risk being that notification text and headers are sent to an external ntfy topic.

Install only if you are comfortable sending notification content to ntfy.sh. Use your own ntfy topic instead of the included default topic for real use, and do not send secrets, tokens, personal data, private build logs, or internal-only URLs unless you explicitly intend to disclose them through that notification service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill invokes a shell script capable of making outbound network requests, but the manifest does not declare corresponding permissions or clearly surface that capability. This creates a transparency and governance gap: users or hosting platforms may authorize the skill without understanding that it can execute shell commands and transmit data externally.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill is designed to send notification content, titles, links, tags, and other metadata to the external ntfy.sh service, yet the description does not warn users that their data leaves the local environment. This can lead to accidental disclosure of sensitive information, especially if an agent passes user-provided text, URLs, or internal build details into the notification.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal