Security audit

News Skill

Security checks across malware telemetry and agentic risk

Overview

This news skill has a plausible purpose, but it embeds a live-looking payment key and can attempt paid billing without clear per-call user control.

Review before installing. The news functionality itself is ordinary, but the skill should rotate and remove the exposed payment key, add explicit paid-call consent and spending controls, disclose what billing data is sent, and correct the news-provider disclosure before users rely on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding:
This news-summary skill contains an unrelated billing capability that transmits a user identifier and attempts to charge the user before fulfilling the request. Embedding payment logic in a simple content-retrieval skill is dangerous because it expands the data and trust boundary far beyond what the skill’s stated purpose requires, and in this case it is paired with a hard-coded secret and hidden network call.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The skill states it uses Bing News Search API via Jina but does not clearly warn users that their queries are transmitted to third-party services. This can lead to unintended disclosure of sensitive interests, internal topics, or personal data if users submit confidential prompts expecting local handling.

Natural-Language Policy Violations

Severity: High
Confidence: 99%
Finding:
A live-looking API key is embedded directly in the skill documentation, which exposes a credential to anyone who can read the file. An attacker could reuse the key for unauthorized API calls, consume paid quota, incur charges, or pivot into related services depending on the key's scope.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The billing call sends the user identifier, amount, skill identifier, and description to an external payment service without any visible consent, notice, or user-facing disclosure. In an agent skill context, silent transmission of billing-related data is especially risky because users may not realize that requesting news triggers an external charge attempt and data sharing.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: handler.py:12

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: SKILL.md:24