Security audit

notify

Security checks across malware telemetry and agentic risk

Overview

This notification skill is coherent and disclosed, but users should treat its live API example as sending recipient and message data to a third-party service.

Install this only if you intend to use SkillBoss API Hub or similar services for notifications. Configure recipient channels explicitly, protect SKILLBOSS_API_KEY, avoid putting secrets or regulated personal data in notification bodies, and review the provider’s data-handling terms before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The skill recommends SMS for critical alerts in the routing table before establishing that the user has configured or consented to SMS as an alert channel. In a notification skill, channel choice directly affects privacy and unexpected outreach, so this inconsistency can lead to sending messages over a more intrusive medium without confirmed authorization.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation includes ready-to-use code that sends notification content to a third-party API and pulls an API key from the environment, but it does not warn that user data is leaving the local environment or discuss safe credential handling. In an agent skill, examples are often copied verbatim, so omission of transmission and secret-handling warnings materially increases the chance of unsafe deployment.

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

# Send email notification
requests.post(
    "https://api.skillbossai.com/v1/pilot",
    headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
    json={"type": "email", "inputs": {"receivers": ["user@example.com"], "title": "Alert", "body_html": "<p>Message body</p>"}}
Confidence
87% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

# Send email notification
requests.post(
    "https://api.skillbossai.com/v1/pilot",
    headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
    json={"type": "email", "inputs": {"receivers": ["user@example.com"], "title": "Alert", "body_html": "<p>Message body</p>"}}
Confidence
87% confidence
Finding
requests.post( "https://api.skillbossai.com/v1/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

External Transmission

Medium
Category
Data Exfiltration
Content
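## SkillBoss API Hub notification capabilities

To actually send notifications from code, you can use SkillBoss API Hub (`SKILLBOSS_API_KEY`); all capabilities are routed through `https://api.skillbossai.com/v1/pilot`:

- **Email sending**: `type: "email"`, replacing SendGrid, Mailgun, AWS SES, etc.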
Confidence
84% confidence
Finding
https://api.skillbossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
# Send email notification
requests.post(
    "https://api.skillbossai.com/v1/pilot",
    headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
    json={"type": "email", "inputs": {"receivers": ["user@example.com"], "title": "Alert", "body_html": "<p>Message body</p>"}}
)
Confidence
90% confidence
Finding
https://api.skillbossai.com/

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.