public-opinion-report

Security checks across malware telemetry and agentic risk

Overview

This skill does what it describes: it sends report requests to a Midu internal API. Users should be careful, however, because it relies on an API key and transmits over plain HTTP.

Install only if you trust the Midu internal host and your network path to it. Prefer setting MIDU_API_KEY through a protected environment or config mechanism, do not paste the key into chats or reports, and avoid sending sensitive content, because prompts and the API key are transmitted to a hardcoded HTTP endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation requires users to configure a sensitive API key but provides no warning about safe handling, such as not pasting the key into chats, logs, examples, or generated reports. In agent workflows, missing secret-handling guidance increases the chance of accidental disclosure through prompts, console history, debugging output, or markdown artifacts sent to third parties.

Missing User Warnings

Medium
Confidence: 97%
Finding
The guide instructs users to retrieve an API key over plain HTTP from an internal endpoint, which exposes the credential to interception or manipulation by anyone on the network path. It also presents the key acquisition flow as routine setup without any warning that the value is a secret, increasing the chance of unsafe handling and credential compromise.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions tell users to place a live API key directly into a local JSON configuration file, but provide no guidance on file permissions, encryption, redaction, or avoiding source control exposure. This can lead to accidental disclosure through backups, logs, screenshots, multi-user systems, or committed config files.

Missing User Warnings

Medium
Confidence: 81%
Finding
The script sends raw user-provided content to a remote API endpoint without any explicit disclosure at execution time, which can cause unintended exfiltration of sensitive prompts or internal data. In the context of an agent skill, this is more dangerous because users may assume local processing while the skill actually transmits content to an internal service over the network.

Missing User Warnings

Medium
Confidence: 87%
Finding
The code resolves credentials either from an environment variable or by fetching them from a network endpoint, with no explicit disclosure or integrity/authenticity checks. Retrieving an API key over plain HTTP materially increases the risk of credential interception or spoofing, especially in shared or untrusted network environments.

VirusTotal

66/66 vendors flagged this skill as clean.