Ai Intelligence Site

Security checks across malware telemetry and agentic risk

Overview

The skill broadly matches its purpose, but it embeds a Serper API key and can automatically publish generated changes to GitHub without a review step.

Review before installing. Remove and rotate the embedded Serper key, require your own SERPER_API_KEY, run the script first in a test repository, inspect the generated files and git diff before pushing, and only enable daily scheduling after you have branch protections or another review path in place.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Context-Inappropriate Capability

Medium

Confidence: 99% confidence
Finding: The script embeds a hard-coded Serper API key directly in source code, which exposes credentialed external access to anyone who can read the repository or logs. Hard-coded secrets are routinely harvested and abused, leading to unauthorized API consumption, billing impact, and potential account suspension.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrases are broad and loosely constrained, increasing the chance that the skill activates in unrelated conversations involving AI intelligence sites, competitor analysis, or update requests. In a skill that can perform network access, file modification, and publishing workflows, accidental activation can lead to unintended external requests or content changes without sufficiently clear user intent.

Missing User Warnings

High

Confidence: 98% confidence
Finding: Using a hard-coded fallback API key means the script will silently make authenticated external requests even when no operator-provided secret is configured. In this skill context, that increases danger because automated daily execution can repeatedly consume a credential without visibility or consent, masking misconfiguration and expanding abuse potential.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal