Ai News Aggregator

Security checks across malware telemetry and agentic risk

Overview

This news skill appears to perform disclosed public-source aggregation, with the main caveat that broad runs may contact many external feeds.

Before installing, be aware that using broad news aggregation modes may make outbound requests to many public websites. This is proportionate for a news aggregator, but users in bandwidth-limited, private, or compliance-sensitive environments should prefer narrower queries or source-limited runs when available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill advertises concurrent fetching from 100+ RSS and external sources but does not clearly warn users that invoking it may trigger extensive outbound network access. In an agent environment, this can create privacy, compliance, bandwidth, and unexpected external-contact risks, especially if users do not realize a simple request may contact many third-party services.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal