Back to skill

Security audit

RSS Feeds

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it fetches configured RSS feeds and can optionally create Ghost drafts or send notifications when those integrations are configured.

Install this only if you want automated feed digests. Start with dryRun or omit ghost and notify while testing. If you enable Ghost or notifications, treat the generated digest as data shared with those services, protect the Ghost admin key, and avoid using private feeds unless their summaries are safe to publish or message.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises networked feed fetching, CVE enrichment, Ghost publishing, and notifications, yet the documentation shows no explicit permission model or warning about the required network and shell-like capabilities. This creates a transparency and governance gap: operators may enable the skill without understanding it can make outbound requests and invoke external messaging mechanisms, increasing the chance of unintended data egress or misuse.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented description emphasizes RSS/Atom digests but the behavior also includes scheduled execution, a manually invocable tool, and external CLI-based message sending. That mismatch is security-relevant because hidden or under-described execution paths can trigger network activity or notifications outside expected operator awareness, which can be abused for unauthorized actions or data transmission.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README documents automatic Ghost draft publishing and outbound notifications, but it does not prominently warn that normal execution can send content to third-party services and create remote draft posts unless dryRun is used. In an agent/plugin ecosystem, operators may enable the plugin based on the README and unintentionally exfiltrate feed-derived content or trigger external side effects, especially during testing or evaluation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation states that Ghost drafts and channel notifications may be sent, but it does not prominently warn that running the skill can transmit generated digest content to third-party services. This is dangerous because users may supply sensitive feed-derived summaries, metadata, or internal context without realizing the content will be externally published or messaged.

VirusTotal

No VirusTotal findings

View on VirusTotal