Write My Blog

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent blog publishing tool, but it gives agents high-impact publishing, deployment, and credential-handling power with weak safeguards.

Review this skill before installing. Use it only in a dedicated blog project, back up any existing .env.local first, upgrade the web framework, harden content sanitization and SVG handling, and require explicit approval before deleting posts, publishing, switching production themes, or deploying.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger keywords include very common terms such as `write`, `post`, `article`, and `deploy`, which can cause the skill to activate in unrelated conversations. In a skill with file-writing, command execution, and deployment guidance, overbroad activation increases the chance of unintended destructive or external actions being proposed or taken in the wrong context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation includes destructive and high-impact actions such as deleting posts, switching production themes, and deploying to Vercel or Cloudflare without requiring explicit user confirmation or warning about consequences. In an autonomous agent setting, omission of confirmation guidance can lead to accidental content loss, service changes, or unintended publication of data to public infrastructure.

Natural-Language Policy Violations

Medium
Confidence
99% confidence
Finding
The lockfile explicitly records that the project is pinned to Next.js 14.2.21 and includes upstream metadata stating that this version has a known security vulnerability. Because this skill exposes blog creation, content management, and deployment functionality, a vulnerable web framework could directly affect server-side routes, rendering, middleware, or admin surfaces reachable by attackers.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
In non-interactive mode, the script will overwrite an existing .env.local automatically, replacing prior configuration and secrets without any safeguard. In an agent/CI context this is risky because automation may silently destroy working credentials, rotate service endpoints unexpectedly, or replace production-like settings with attacker-controlled values from environment variables or flags.

Credential Access

High
Category
Privilege Escalation
Content
SKIP_ENV=false
  fi
elif [ -f "$ENV_FILE" ] && ! $INTERACTIVE; then
  echo "⚠️  .env.local already exists — overwriting (non-interactive mode)"
  SKIP_ENV=false
else
  SKIP_ENV=false
Confidence
93% confidence
Finding
.env.local

Credential Access

High
Category
Privilege Escalation
Content
ask REDIS_URL "Redis URL" "redis://localhost:6379"
  fi

  # ── Write .env.local ──
  cat > "$ENV_FILE" <<EOF
# ── Write My Blog — Generated $(date +%Y-%m-%d) ──
Confidence
87% confidence
Finding
.env.local

Credential Access

High
Category
Privilege Escalation
Content
sed -i "s|^SUPABASE_URL=.*|SUPABASE_URL=$SUPABASE_URL|" "$ENV_FILE"
          sed -i "s|^SUPABASE_SERVICE_KEY=.*|SUPABASE_SERVICE_KEY=$SUPABASE_KEY|" "$ENV_FILE"
        fi
        echo "✅ Switched to Supabase. .env.local updated."
        echo ""
        echo "🔨 Rebuilding..."
        cd "$PLATFORM_DIR"
Confidence
86% confidence
Finding
.env.local

Credential Access

High
Category
Privilege Escalation
Content
sed -i "s|^MONGODB_URI=.*|MONGODB_URI=$MONGODB_URI|" "$ENV_FILE"
          sed -i "s|^MONGODB_DB_NAME=.*|MONGODB_DB_NAME=$MONGODB_DB_NAME|" "$ENV_FILE"
        fi
        echo "✅ Switched to MongoDB Atlas. .env.local updated."
        echo ""
        echo "🔨 Rebuilding..."
        cd "$PLATFORM_DIR"
Confidence
86% confidence
Finding
.env.local

VirusTotal

64/64 vendors flagged this skill as clean.
