Back to skill

Security audit

ai-agent-news-aggregator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AI-news-to-Feishu automation, but users should review it because it can be configured for recurring chat posts and its scripts overstate whether collection and delivery actually happen.

Install only after editing sources.json to remove or replace the bundled Feishu channel ID. Run the pipeline in dry-run mode first, review the generated digest and destination, and enable cron only after confirming who will receive the messages and how to disable the schedule. Treat the current scripts as partial/demo automation unless Feishu delivery and live fetching are implemented or handled by trusted OpenClaw tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill documentation describes capabilities that imply file access, network access, shell execution, and writing configuration or output, but it does not declare permissions. Undeclared capabilities reduce transparency and informed consent, making it easier for a skill to overreach or surprise operators when integrated into an agent environment.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented behavior materially overstates what the skill actually does: it claims live collection, filtering, summarization, Feishu delivery, and scheduling, while the implementation reportedly only mocks or simulates key actions. This is dangerous because users may trust the output as current, delivered, and automated when it is not, creating operational blind spots and making it easier to hide future malicious behavior behind misleading documentation.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The function and surrounding comments claim the script sends messages to Feishu, but it only fabricates a success-like result locally. In an automation skill intended for scheduled news delivery, this can cause silent delivery failure while operators believe notifications were sent, undermining monitoring and downstream decisions.

Intent-Code Divergence

Low
Confidence
93% confidence
Finding
The documentation states the function returns a message ID or error information, but the code returns fabricated metadata such as a preview and timestamp without verifying delivery. This mismatch can mislead callers into treating unsent messages as successfully delivered, especially in unattended cron workflows.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This skill is designed to automatically post collected content into Feishu chats, including via scheduled runs, but the description does not present that behavior as a prominent warning or consent-sensitive action. Automatic outbound posting can leak internal interests, spam channels, or send unreviewed external content into organizational communications if users do not understand the posting behavior upfront.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.