Trump Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a small public-news tracker and novelty predictor, but its output should not be trusted as current or secure without fixes.

Install only if you are comfortable running a Python script that fetches public RSS feeds and installs unpinned Python packages. Treat the predictor as entertainment, not reliable news or market guidance. Before relying on its results, re-enable TLS certificate verification (remove verify=False) and either label the hardcoded fallback data as stale sample data or remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises executable scripts that perform network access and shell-invocable operations, but it declares no permissions or boundaries. This creates a transparency and least-privilege problem: an agent or reviewer cannot reliably understand what the skill may access, increasing the chance of unexpected data access or outbound requests during use.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The fallback path presents hardcoded sample items as if they were current 'real-time' or 'global live capture' news, which is a data-integrity problem rather than a code-execution flaw. In a monitoring/prediction skill, users may act on the false belief that the data is fresh and externally sourced, so the misrepresentation can mislead any downstream analysis built on it.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The inline comments and printed messages explicitly describe the hardcoded dataset as live synchronized capture, creating a direct mismatch between implementation and claimed behavior. In the context of a political/news tracking skill, that increases the risk of misinformation and false trust in the output, especially because the model then produces authoritative-looking predictions from static data.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The description is broad and open-ended ('real-time monitoring' and prediction) without defining when the skill should activate, what inputs it accepts, or what actions it may take automatically. In agent settings, vague activation boundaries can cause over-triggering, unintended network retrieval, or use in contexts the user did not intend.

Natural-Language Policy Violations

Medium
Confidence
76% confidence
Finding
The skill metadata and content are primarily Chinese-language and do not state that Chinese output is optional or user-selected. While not a code-execution flaw, forcing an output language without opt-in can mislead users, reduce oversight, and make it harder for operators to notice risky behavior or to understand the skill's actual scope.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The code explicitly disables TLS certificate verification with verify=False when fetching HTTPS RSS feeds. This lets an on-path attacker intercept the connection or tamper with its content, which matters here because untrusted remote news content is ingested and then trusted enough to parse and display, so a network attacker could inject misleading or malicious items into the tracker's output.
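Added example, not code from the Trump Tracker skill or from SkillSpector: one way to address the TLS finding above and the two stale-fallback findings (Description-Behavior Mismatch, Intent-Code Divergence) in the tracker's own language, Python. The feed URL, the sample RSS document and the fallback items are constructed for this example; urllib with ssl.create_default_context() stands in for requests so the block runs on the standard library alone, and the insecure `verify=False` pattern is shown only in a comment for contrast.

```python
"""Hardened feed loader: TLS verification enforced, fallback data labelled as stale."""
import ssl
import urllib.request
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, List, Optional, Tuple

MAX_FEED_BYTES = 2_000_000  # cap what we are willing to parse from a remote feed


@dataclass(frozen=True)
class Item:
    title: str
    link: str
    source: str      # "live" or "fallback-sample"; display layer must show this
    fetched_at: str  # ISO-8601 UTC; for fallback data, the date the sample was written


# Constructed fallback data. The original skill ships similar hardcoded items but
# prints them as a "global live capture"; here the sample date is part of the data.
FALLBACK_SAMPLE_DATE = "2024-01-01T00:00:00+00:00"  # hypothetical date for the sample
FALLBACK_SAMPLE = [
    ("Sample headline A (static)", "https://example.invalid/a"),
    ("Sample headline B (static)", "https://example.invalid/b"),
]

# Constructed RSS document used to exercise the parser offline.
CONSTRUCTED_RSS = b"""<?xml version="1.0"?>
<rss version="2.0"><channel><title>constructed feed</title>
<item><title>Live headline 1</title><link>https://example.invalid/1</link></item>
<item><title>Live headline 2</title><link>http://example.invalid/2</link></item>
<item><title>   </title><link>https://example.invalid/3</link></item>
</channel></rss>"""


def fetch_feed_bytes(url: str, timeout: float = 10.0) -> bytes:
    """Fetch a feed over HTTPS with certificate and hostname verification enforced.

    Insecure pattern this replaces:  requests.get(url, verify=False)
    With verification off, an on-path attacker can serve any document they like.
    """
    if not url.startswith("https://"):
        raise ValueError("feed URL must use https: %r" % url)
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        data = resp.read(MAX_FEED_BYTES + 1)  # one extra byte detects oversize bodies
    if len(data) > MAX_FEED_BYTES:
        raise ValueError("feed exceeds %d bytes" % MAX_FEED_BYTES)
    return data


def parse_rss(data: bytes, source: str, fetched_at: str) -> List[Item]:
    """Keep only RSS 2.0 <item> entries with a non-empty title and an https link."""
    root = ET.fromstring(data)
    items = []
    for node in root.iter("item"):
        title = (node.findtext("title") or "").strip()
        link = (node.findtext("link") or "").strip()
        if not title or not link.startswith("https://"):
            continue  # drop untitled entries and plaintext links from a hostile feed
        items.append(Item(title=title, link=link, source=source, fetched_at=fetched_at))
    return items


def load_items(url: str, fetcher: Callable[[str], bytes] = fetch_feed_bytes
               ) -> Tuple[List[Item], Optional[str]]:
    """Return (items, error). On any fetch or parse failure, return the sample set
    tagged as fallback data instead of presenting it as a live capture."""
    now = datetime.now(timezone.utc).isoformat(timespec="seconds")
    try:
        return parse_rss(fetcher(url), source="live", fetched_at=now), None
    except (OSError, ValueError, ET.ParseError) as exc:  # URLError and SSLError are OSError
        fallback = [Item(t, l, "fallback-sample", FALLBACK_SAMPLE_DATE) for t, l in FALLBACK_SAMPLE]
        return fallback, "%s: %s" % (type(exc).__name__, exc)


def banner(items: List[Item], error: Optional[str]) -> str:
    """Status line for the display layer; never says 'live' for sample data."""
    if error is not None or any(i.source == "fallback-sample" for i in items):
        return "STALE SAMPLE DATA dated %s (live fetch failed: %s)" % (FALLBACK_SAMPLE_DATE, error)
    when = items[0].fetched_at if items else "n/a"
    return "Live feed, %d items fetched at %s" % (len(items), when)


if __name__ == "__main__":
    # Offline demo: a fake fetcher returns the constructed document, then an http URL
    # is rejected before any network I/O and the labelled fallback is used instead.
    live, err = load_items("https://feeds.example.invalid/rss", fetcher=lambda u: CONSTRUCTED_RSS)
    print(banner(live, err), [i.title for i in live])
    stale, err = load_items("http://feeds.example.invalid/rss")
    print(banner(stale, err), [i.title for i in stale])
```

The parser drops two of the three constructed entries (one has an http link, one has an empty title), and the http URL is refused by fetch_feed_bytes before any socket is opened, so the fallback path is exercised without network access. Whatever the display layer prints, it gets the source tag and the date from the Item itself rather than from a hardcoded "real-time" string.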

VirusTotal

0 of 64 VirusTotal vendors flagged this skill; all 64 rated it clean.

View on VirusTotal