
Security audit

Article Taster

Security checks across malware telemetry and agentic risk

Overview

This is a local article-analysis skill with some wording and dependency hygiene issues, but no evidence of hidden data access, persistence, credential use, network transfer, or destructive behavior.

Reasonable to install if you are comfortable running a local Python text-analysis tool on files you choose. Avoid using any future remote LLM-assisted mode with private drafts unless it clearly asks for consent and explains where text is sent. The publisher should replace the insulting AI-detection labels and pin dependencies before wider production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises executable Python components and optional external LLM integrations, which imply file-reading and network access, but it does not declare any permissions or constraints for those capabilities. This creates a transparency and sandboxing gap: users or hosts may approve and run the skill without realizing it can access local article files and potentially send article contents to remote services.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
Derogatory language appears in comments, documentation, and user-facing terminology describing the detection of 'AI味/大便味' (roughly, 'AI flavour / shit flavour'). In this skill context, that wording can propagate into outputs and produce abusive, harassing, or policy-noncompliant responses toward users or their content, increasing moderation and trust/safety risk even though it is not a traditional code-execution flaw.

Natural-Language Policy Violations

Medium
Confidence
98% confidence
Finding
The user-facing label '极强AI味 (大便味)' is directly returned by the detector and can be shown to end users. In an article-evaluation skill, this makes the issue more dangerous because the insulting text is part of normal operation, creating a clear pathway to harmful or humiliating output and potential policy violations.

Unpinned Dependencies

Low
Category
Supply Chain
Content
jieba>=0.42.1
scikit-learn>=1.0.0
numpy>=1.21.0
Confidence
91% confidence
Finding
jieba>=0.42.1

Unpinned Dependencies

Low
Category
Supply Chain
Content
jieba>=0.42.1
scikit-learn>=1.0.0
numpy>=1.21.0
Confidence
95% confidence
Finding
scikit-learn>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
jieba>=0.42.1
scikit-learn>=1.0.0
numpy>=1.21.0
Confidence
94% confidence
Finding
numpy>=1.21.0

Known Vulnerable Dependency: scikit-learn — 6 advisory(ies): CVE-2020-13092 (scikit-learn Deserialization of Untrusted Data); CVE-2024-5206 (scikit-learn sensitive data leakage vulnerability); CVE-2020-28975 (scikit-learn Denial of Service) +3 more

Critical
Category
Supply Chain
Confidence
72% confidence
Finding
scikit-learn

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Critical
Category
Supply Chain
Confidence
68% confidence
Finding
numpy

VirusTotal

67/67 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.