Back to skill

Security audit

CamelCamelCamel Alerts

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for checking a user-provided price-alert RSS feed, with some setup and privacy cautions but no evidence of hidden or malicious behavior.

Before installing, confirm the scripts match how you want notifications delivered, keep your CamelCamelCamel RSS URL private, and review any cron entry because it will keep running on your machine until you remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
This is a mismatch because the description presents a complete workflow that monitors CamelCamelCamel RSS alerts and sends Telegram notifications, but the implemented code only partially fulfills that. The Python script correctly fetches and parses RSS data and detects new items using a cache, which aligns with the monitoring portion. However, the shell script does not send messages to Telegram; it merely formats alert output for some external parent process. Additionally, it expects stdin to be a raw JSON array, while fetch_rss.py outputs an object containing timestamp, alerts, and count, so the two components do not cleanly work together as described. There is no hidden malicious behavior, but the declared functionality overstates what the code actually does.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This markdown file describes using a personal RSS URL in cron commands and notes that each person needs their own unique feed ID, which implies the URL can identify or expose a user's private alert feed. However, it does not explicitly warn users not to share, log, or expose that URL in command history, process lists, or shared cron definitions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.