AI Frontier Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AI-news briefing skill that fetches public sources, scores items, and can archive or send the generated report.

Install only if you want an AI-news briefing tool that runs local scripts, contacts public web sources, saves runtime data under the skill directory, and may send reports to Feishu. Review the Feishu recipient configuration and invoke the skill explicitly for briefing tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill advertises and instructs use of shell execution, local file reads/writes, and persistent storage, but the metadata shown does not declare corresponding permissions. That creates a trust-boundary problem: users or the host may not realize the skill can execute commands and overwrite files, increasing the chance of unintended code execution or data modification.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding:
The documented behavior goes beyond a simple briefing generator: it includes persistent crawling/state storage, classification logic, and outbound delivery, while one claimed track is not actually implemented. This mismatch can mislead operators about what the skill really does, undermining informed consent and security review, especially when the skill fetches external content and writes local state.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill specifies two nontrivial side effects—sending messages to Feishu and overwriting a dated Markdown file—without clear user-facing consent or warning at point of use. If auto-invoked, it could exfiltrate generated content to an external recipient or modify local files unexpectedly, which is especially risky in agent environments with ambient credentials.

Vague Triggers

Medium
Confidence: 91%
Finding:
The trigger list includes broad, conversational phrases such as '今天有什么信号' ("what signals are there today") and '看看有什么新动态' ("let's see what's new") that can plausibly appear in ordinary discussion, increasing the chance that the skill activates when the user did not explicitly intend to invoke this briefing workflow. In an agent setting, unintended activation can cause the system to fetch external sources, generate unsolicited summaries, or override a more appropriate skill, which is a genuine routing and least-surprise risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal