Competitor Radar

Security checks across malware telemetry and agentic risk

Overview

This competitor-monitoring skill mostly matches its purpose, but it needs review because it ships with active preset targets, stores license identity data, persists monitoring history, and sends digests through third-party channels.

Review before installing. Clear or deactivate the bundled competitors, confirm exactly which cron jobs and delivery channels will run, use dedicated low-scope bot tokens or webhooks, avoid tracking internal/private URLs, and only activate a paid license if you are comfortable with the license key and purchaser email being stored locally in plaintext.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def curl_fetch(url: str, timeout: int = 10) -> str | None:
    try:
        result = subprocess.run(
            [
                "curl", "-sL", "--max-time", str(timeout),
                "--user-agent", "Mozilla/5.0",
Confidence
93% confidence
Finding
result = subprocess.run( [ "curl", "-sL", "--max-time", str(timeout), "--user-agent", "Mozilla/5.0", "--compressed", url,

subprocess module call

Medium
Category
Dangerous Code Execution
Content
+ ["--channels"] + channels
        )
        try:
            subprocess.run(cmd, timeout=30)
        except Exception as e:
            print(f"[alert] Delivery error: {e}", file=sys.stderr)
        finally:
Confidence
84% confidence
Finding
subprocess.run(cmd, timeout=30)

Tainted flow: 'cmd' from os.environ.get (line 131, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
"-d", json.dumps(payload),
        ]
        try:
            result = subprocess.run(cmd, capture_output=True, text=True, timeout=15)
            if result.returncode != 0:
                print(f"[deliver/discord] curl failed: {result.stderr[:100]}", file=sys.stderr)
                return False
Confidence
72% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=True, timeout=15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to use shell, file I/O, environment inspection, and network access, but it declares no permissions or equivalent user-facing capability disclosure. That creates an authorization and transparency gap: users may invoke a competitor-tracking skill without realizing it can write local state, create cron jobs, contact external services, and deliver messages to third-party platforms.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The advertised purpose is competitor monitoring, but the instructions also include license activation, tier enforcement, and storage of purchaser/license metadata. This hidden secondary behavior broadens data processing beyond user expectations and could cause users to disclose license keys or personal data to external services without understanding that this is part of the skill's operation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README instructs users to place long-lived secrets for Slack, Telegram, Discord, Twilio, and GitHub into shell profiles, but gives no warning about secret handling, least privilege, rotation, or avoiding accidental exposure via dotfile sync, shell history, screenshots, or shared hosts. This is a real security weakness in operational guidance because users may persist broadly scoped credentials in insecure locations and expose downstream messaging, GitHub, or Twilio accounts if those secrets are leaked.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The README promotes automated scraping, indefinite snapshot retention, and delivery of collected intelligence to third-party messaging platforms without any privacy, retention, or compliance warning. In this skill's context, that increases risk because archived competitor content, hiring data, and alerts may contain sensitive business intelligence that is stored long-term and redistributed across external channels, expanding exposure if a workspace or messaging integration is compromised.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill performs extensive external monitoring of competitor sites and sends digests/alerts to third-party messaging channels, but the description does not warn users about this collection and onward transmission. In context, that increases the risk of unintentional data sharing, misconfigured notifications, or compliance/privacy issues if sensitive summaries are pushed to external channels.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The activation flow tells the agent to submit a license key to `scripts/license.py --activate` but does not warn the user that the key may be transmitted to an external verification service. License keys are sensitive secrets; undisclosed transmission can expose them to interception, misuse, or unexpected retention by third parties.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script reads the full digest and sends it to all configured channels with no consent prompt, policy check, redaction step, or warning about third-party disclosure. In this skill context, competitor intelligence may include non-public analyst notes or sensitive business insights, making silent forwarding to Slack, Telegram, WhatsApp, or Discord materially risky.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script stores the full license key and purchaser email in plaintext on disk without any warning, minimization, or protection. On shared systems or in environments with weak file permissions, this creates unnecessary exposure of sensitive purchase credentials and personal data.
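
For the finding above and the overview's advice to activate a paid license only if you accept the local plaintext storage, the practitioner wants two things: a way to check what an existing license file exposes, and the minimized form the script could write instead. The block below is an added example written for this review; it is not scripts/license.py. The JSON layout (fields named license_key, email, tier), the sample key and the purchaser address are assumptions constructed for the illustration.

```python
"""Minimized license record plus an audit of an existing file (added example).

Not scripts/license.py. Field names, SAMPLE_KEY and the sample e-mail are
constructed assumptions for this illustration.
"""
import hashlib
import hmac
import json
import os
import stat
import tempfile
from pathlib import Path

SAMPLE_KEY = "CR-TEST-0000"                  # constructed, not a real key format
SECRET_FIELDS = ("license_key", "key")
EMAIL_FIELDS = ("email", "purchaser_email")


def key_fingerprint(license_key: str) -> str:
    """One-way fingerprint: enough to re-check a key the user re-enters and to
    tell activations apart, not enough to recover or reuse the key."""
    return hashlib.sha256(license_key.encode()).hexdigest()


def write_private_json(path: Path, record: dict) -> None:
    """Create the file 0600 from the first byte; there is no window where it
    is readable by other users on a shared host."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(record, f)
    os.chmod(path, 0o600)  # tighten a pre-existing file that was created looser


def store_activation_minimized(path: Path, license_key: str, tier: str) -> dict:
    """Persist only what later runs need for tier enforcement: the tier and a
    key fingerprint. The purchaser e-mail is deliberately not written."""
    record = {"tier": tier, "key_fingerprint": key_fingerprint(license_key)}
    write_private_json(path, record)
    return record


def matches_stored_key(path: Path, license_key: str) -> bool:
    """Constant-time comparison of a re-entered key against the stored fingerprint."""
    rec = json.loads(path.read_text())
    return hmac.compare_digest(rec.get("key_fingerprint", ""), key_fingerprint(license_key))


def audit_license_file(path: Path) -> list[str]:
    """Report the problems the finding describes: loose permissions, a
    plaintext secret, and personal data in the record."""
    issues: list[str] = []
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        issues.append(f"file mode {mode:04o} is readable by group/others")
    try:
        rec = json.loads(path.read_text())
    except ValueError:
        return issues + ["file is not JSON; cannot inspect fields"]
    for field in SECRET_FIELDS:
        if rec.get(field):
            issues.append(f"plaintext secret in field {field!r}")
    for field in EMAIL_FIELDS:
        if rec.get(field):
            issues.append(f"personal data (e-mail) in field {field!r}")
    return issues


def demo() -> dict:
    """Write a plaintext record of the kind the finding describes, audit it,
    then write the minimized record and audit that. Returns both results."""
    d = Path(tempfile.mkdtemp(prefix="cr-license-"))
    legacy = d / "license.json"                       # constructed 'before' file
    legacy.write_text(json.dumps({"license_key": SAMPLE_KEY,
                                  "email": "buyer@example.com", "tier": "pro"}))
    legacy.chmod(0o644)
    hardened = d / "activation.json"
    store_activation_minimized(hardened, SAMPLE_KEY, "pro")
    return {
        "legacy_issues": audit_license_file(legacy),
        "hardened_issues": audit_license_file(hardened),
        "hardened_has_key": SAMPLE_KEY in hardened.read_text(),
        "hardened_verifies": matches_stored_key(hardened, SAMPLE_KEY),
        "wrong_key_verifies": matches_stored_key(hardened, "CR-TEST-1111"),
    }
```

Run `audit_license_file` against the path the skill actually writes before deciding whether to activate. If the verification service needs the raw key on every run rather than once at activation, a fingerprint is not sufficient and the key belongs in the OS keyring rather than a JSON file; the permission and e-mail checks still apply.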

VirusTotal

66/66 vendors reported this skill as clean (no detections).

View on VirusTotal