Notice Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent notice monitor, but its notification path can execute local shell commands from scraped website text or configuration values.

Install only if you can run it in an isolated environment, and do not enable DingTalk notifications or cron until the notifier is fixed so that it no longer relies on shell interpolation. Replace the example DingTalk target, monitor only trusted sites, and treat webhook credentials or targets as sensitive if webhook support is added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The notifier constructs a shell command with interpolated values from configuration and scraped content, then executes it with execSync. Even though double quotes in the message are escaped, shell metacharacters such as command substitution can still be interpreted, so a malicious config.target or crafted message/title could trigger arbitrary local command execution.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill documents sending monitored content to an arbitrary external webhook with an Authorization header, but does not warn users that scraped notices, metadata, and credentials may be transmitted to third-party infrastructure. This can lead to unintentional data exfiltration, especially if users configure sensitive internal endpoints or reuse privileged bearer tokens.

VirusTotal

63/63 vendors flagged this skill as clean.
