AI News Pusher

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AI-news fetching, scoring, storing, and optional Feishu-push tool; the reviewed artifact shows no evidence of hidden or destructive behavior.

Install only if you want automated AI-news collection and optional Feishu posting. Start with RSS-only or dry-run mode, set only the keys you need, review LLM-scored items before enabling scheduled pushes, protect FEISHU_WEBHOOK_URL and OPENCLAW_GATEWAY_TOKEN, and periodically inspect or delete the local data directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill documents capabilities to access environment variables, read/write local files, make network requests, and invoke shell commands, but it does not declare any permissions. This undermines least-privilege review and can cause operators to approve a skill without realizing it can exfiltrate secrets, persist data, or trigger external actions.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The stated purpose focuses on news fetching and scoring, but the documented behavior also includes external webhook posting, scheduled job creation via a gateway/token workflow, local persistence of review and feedback data, and calls to third-party LLM providers. These extra behaviors materially expand the trust boundary and could lead to unauthorized outbound messaging, persistence of sensitive data, or misuse of scheduling/control infrastructure if users enable the related environment variables.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The code sends full news title/content and related metadata to external LLM providers when an API key is present, but there is no consent flow, minimization, or disclosure in this module. If articles contain sensitive, proprietary, or personal data, that data is transmitted to third parties and may be logged or retained by the provider.

Ssd 1

Severity: Medium
Confidence: 95%
Finding: User-controlled news title/content are interpolated directly into the LLM prompt, so a crafted article can include prompt-injection text that manipulates the model's scoring output or JSON format. In this skill, that can cause malicious or low-value content to be misclassified into higher-priority buckets such as auto_push, undermining trust in downstream automation.

VirusTotal

63/63 vendors flagged this skill as clean.