TechSnif — Tech News Intelligence CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only tech news lookup tool that runs a bundled Node.js CLI and queries TechSnif’s public API.

Install only if you are comfortable running bundled Node.js code and sending tech-news search terms to TechSnif or any endpoint you configure. Avoid confidential queries, and check TECHSNIF_API_URL or --api-url if endpoint control matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The manifest description includes many broad natural-language trigger phrases such as 'any news about [company/topic]' and 'what's happening in tech', which can match ordinary user conversation and cause over-invocation of the skill. In an agent setting, overly broad routing increases the chance that external network-backed content is pulled into contexts where the user did not explicitly ask for this tool, expanding attack surface and creating opportunities for prompt/context contamination from fetched content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal