Tencent Doc Update Watcher

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it checks Tencent Docs for updates and writes local comparison reports, with raw fetched data deleted by default.

Before installing, make sure you are comfortable with a local Python script using curl to fetch the configured Tencent Docs links and writing snapshots under the workspace you choose. Review any custom config file, keep the workspace private, and avoid --keep-raw unless you specifically need debugging files because it can retain raw page, header, and cookie data locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill instructs the agent to perform network access, shell execution, and file reads/writes, but it does not declare those permissions in the skill metadata. That mismatch weakens reviewability and least-privilege controls, making it easier for operators to invoke a capability-rich workflow without clear visibility into what access is required.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal