Security audit

push-server-py

Security checks across malware telemetry and agentic risk

Overview

This notification skill does what it claims, but it prints full recipients and message content to command output before sending.

Review before installing if notification contents may include private operational details, user identifiers, links, or secrets. Use only with a trusted HTTPS push server and least-privilege API key, and preferably remove or redact the full request-body print before production use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The script logs the full parsed request body before sending, which can expose recipient identifiers and message contents to stdout, logs, CI systems, or agent orchestration layers that capture command output. In this skill's context, notification payloads may contain sensitive operational messages or user identifiers, so this disclosure exceeds the minimum data needed for the function and creates an avoidable confidentiality risk.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: Printing the request payload to stdout leaks the notification recipient and message body prior to transmission, which can be harvested from terminal history, centralized logs, or agent execution traces. Because this skill's purpose is only to send notifications, not to persist or display full payload data, the logging increases exposure without a functional need.

VirusTotal

48/48 vendors flagged this skill as clean.

View on VirusTotal