geeknews-bot

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed daily GeekNews briefing tool that sends summaries to Telegram, with manageable risks around tokens and optional scheduling.

Install only if you want a Telegram bot to post daily GeekNews briefs. Use a dedicated Telegram bot/chat, protect and rotate tokens if exposed, avoid syncing tokens through dotfiles, and enable cron only after testing the recipient and message content. Static scan was clean and VirusTotal was pending, with no artifact-backed malicious behavior found.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill describes capabilities that access environment variables, local files, the network, and shell scripts, but it does not declare permissions or boundaries for those actions. This increases the risk of overbroad execution and makes it harder for users or a platform to understand that the skill can read secrets and perform outbound actions.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 82%
Finding
There is a meaningful description-behavior mismatch because the skill is presented as a news-briefing skill, but it also performs external transmission via Telegram and references additional external services/tools beyond simple local summarization. When behavior exceeds the declared purpose, users may unknowingly authorize broader data flows and automation than expected.

Vague Triggers

Medium
Confidence: 78%
Finding
The trigger phrases are broad enough to overlap with ordinary requests such as general news summaries or development news, which can cause unintended invocation of a skill that performs network collection and Telegram delivery. Overbroad triggering is dangerous in an automated agent ecosystem because it can activate outbound behavior without sufficiently specific user intent.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs use of Telegram bot credentials and outbound message transmission without an explicit privacy notice or user-facing disclosure that content will leave the local environment. This can expose curated content, metadata, and potentially sensitive context to a third-party messaging platform without informed consent.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill recommends unattended cron-based execution that automatically collects data, generates summaries, and sends messages externally, but it does not warn about the risks of autonomous outbound actions. Automated recurring execution amplifies mistakes, misrouting, and data leakage because the behavior can continue without active user review.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guide instructs users to place long-lived secrets such as TELEGRAM_BOT_TOKEN and GITHUB_TOKEN in shell startup files, which are commonly backed up, copied between systems, or accidentally exposed through dotfile syncing and support logs. While this is a common convenience practice, presenting it without warnings or safer alternatives increases the chance of credential disclosure and unauthorized bot or API use.

VirusTotal

44/44 vendors flagged this skill as clean.
