Ebrun Original News

Security checks across malware telemetry and agentic risk

Overview

This skill fetches Ebrun e-commerce news as described, with disclosed network calls and a limited version-check cache.

Install this only if you are comfortable with a skill running its bundled Python or shell scripts to make HTTPS requests to Ebrun and occasional version-check requests to GitHub/Gitee, and writing a small temporary cache. Review or disable the update-check step if your environment requires strict no-egress or no-cache behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes file reads, shell scripts, and outbound network access but does not declare permissions or constrain them in metadata. This creates a transparency and governance gap: a host may route execution assuming a simple news lookup skill, while the skill can also run local scripts, access local files, and perform additional network activity.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The declared purpose is fetching ecommerce news, but the documented behavior also performs self-update checks, reads local version state, contacts multiple remote endpoints, and writes cache data. This hidden secondary behavior expands the trust boundary and can be abused for undeclared tracking, unexpected egress, or future update-channel misuse outside the user's requested task.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase at this line is broad enough that ordinary user conversation about industry updates could unintentionally activate the skill. In an agent environment, this can cause misrouting, unnecessary external fetches, and user intent confusion, even though it does not directly create code execution or data exfiltration risk.

Vague Triggers

Medium
Confidence
84% confidence
Finding
This example trigger is ambiguous and could match common conversational requests unrelated to deliberate skill use. In practice, that increases the chance of accidental invocation, which may lead to irrelevant network requests and unintended tool behavior in broader agent workflows.

VirusTotal

67/67 vendors flagged this skill as clean.
