Security audit

Rss Aggregator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward RSS feed aggregator, but it weakens HTTPS checks when fetching feeds, so fetched content should be treated as untrusted.

Install only if you are comfortable treating fetched feed content as untrusted. Prefer trusted feed URLs, avoid relying on generated HTML or newsletters for sensitive decisions, and consider fixing the script to use normal TLS verification before using it on untrusted networks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill advertises and demonstrates network access and file output behavior, but the metadata declares no permissions. That mismatch can undermine user and platform trust because the skill can fetch arbitrary remote feeds and write aggregated content to local files without explicit disclosure. In this context, RSS aggregation legitimately needs network and file-write capabilities, so the issue appears to be missing permission declaration rather than overtly malicious behavior.

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding
The feed fetcher creates an SSL context with hostname checking disabled and certificate verification turned off, which defeats HTTPS authenticity guarantees. An attacker on the network path or controlling DNS/proxy infrastructure could impersonate a feed source, inject malicious or misleading content, and the aggregator would trust and process it as if it came from the legitimate publisher.

Natural-Language Policy Violations

Severity: High
Confidence: 100%
Finding
This code explicitly disables both certificate validation and hostname verification for HTTPS requests, making TLS effectively useless. In the context of an RSS aggregator that ingests untrusted remote content and may redistribute it as HTML/Markdown/JSON, this increases the risk of supply-chain style content tampering and deceptive downstream output.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.