
Security audit

Podfetcher Tools

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Podfetcher API client; it needs a Podfetcher API key and sends podcast queries and transcript requests to the configured Podfetcher endpoint, but I found no hidden local access, persistence, or deceptive behavior.

Install only if you trust Podfetcher and this package source. Prefer PODFETCHER_API_KEY or a secret manager over --api-key, avoid putting real keys in shared configs or command history, keep the default API URL unless you intentionally trust another endpoint, and have agents ask before fetching transcripts if quota or billing matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
The documentation instructs users to provide an API key and use transcript/search features that send authenticated requests and user-supplied podcast or transcript-related queries to an external service, but it does not explicitly disclose that data leaves the local environment. In an agent setting, this can lead to unintentional transmission of sensitive prompts, search terms, or metadata to a third-party API without informed user consent.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The CLI explicitly supports passing an API key on the command line via --api-key. Command-line arguments are commonly exposed through shell history, process listings, job logs, and telemetry, so this can leak credentials to other local users or operational systems even if the network path is secure. In this skill context, the tool is intended for agent/automation use, which increases the chance that secrets will be supplied non-interactively and captured in logs.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The MCP server accepts an API key via the `--api-key` command-line flag, which can expose the secret through process listings, shell history, job control logs, and orchestration metadata on multi-user systems. In this skill context, the tool is specifically designed to talk to a remote API, so credential handling matters; while this is a common convenience feature rather than malicious behavior, it still creates a real secret-leak risk.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.