Security audit

news-daily

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it weakens HTTPS security while handling a Feishu webhook, so users should review or patch it before installing.

Install only after accepting or fixing the transport-security risk. Remove the disabled TLS verification, keep the Feishu webhook in a protected environment variable or secret store, avoid committing config.json, and enable cron or hooks only if you want automatic recurring posts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill documentation shows capabilities to read environment/configuration, access local files, and perform outbound network requests, yet it declares no permissions. This creates a transparency and consent gap: operators may install or schedule the skill without realizing it can read secrets and transmit data externally, which is especially relevant because it uses a Feishu webhook and RSS fetching.

Intent-Code Divergence

Medium

Confidence: 99% confidence
Finding: The script globally disables TLS certificate validation by setting check_hostname=False and verify_mode=ssl.CERT_NONE, then reuses that context for both RSS fetches and Feishu webhook delivery. This makes HTTPS connections vulnerable to man-in-the-middle interception or tampering, allowing an attacker on the network path to inject malicious feed content, steal the webhook destination traffic, or alter outbound requests/responses.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly fetches content from RSS sources and sends formatted results to a Feishu webhook, but the documentation does not clearly warn users that it performs outbound network transmission to third-party services. This can lead to unintentional data egress and weak informed consent, especially when the skill is configured to run automatically.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The instructions ask users to place the Feishu webhook in an environment variable or config file, but do not state that the webhook URL is effectively a secret that can be abused to post messages into the target chat if leaked. This raises the risk of credential mishandling, accidental commits, and unauthorized message injection.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal