Danish News Aggregator

Security checks across malware telemetry and agentic risk

Overview

This is a public Danish RSS feed aggregator with a real TLS-verification weakness, but the behavior is purpose-aligned and does not show credential theft, private-data access, deception, or destructive actions.

Use this only if you want a tool that contacts public Danish news RSS sources and writes local RSS files. Before relying on it, remove the TLS verification bypass in aggregate_feeds.py, pin or review Python dependencies, add cron only intentionally, and treat generated feed content as untrusted external text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises executable behavior involving file reads/writes and network access, but does not declare any permissions or capability boundaries. This creates a trust and review gap: operators may approve or run the skill without understanding that it fetches remote content and writes local output, increasing the chance of unintended data exposure or unsafe deployment.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The description-behavior mismatch is security-relevant because the implementation reportedly disables SSL certificate verification and produces outputs and applies filtering that the skill description does not disclose. Misrepresentation of behavior prevents informed review and can hide risky implementation details, especially the TLS bypass, which enables man-in-the-middle tampering of fetched RSS content.

Intent-Code Divergence

High
Confidence
100% confidence
Finding
The code disables TLS certificate validation and hostname checking for all feed fetches, which allows man-in-the-middle attackers to intercept or modify RSS responses without detection. In this skill context, the risk is elevated because remote untrusted content is ingested automatically and then republished, enabling feed poisoning, misinformation injection, or malicious links to be distributed downstream.

VirusTotal

64/64 vendors flagged this skill as clean.
