Security audit

Intelligence Suite

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its news-monitoring purpose, but it sends scraped briefing content and the required API key to an undeclared API domain and includes fabricated news in live output.

Review before installing. Confirm that api.heybossai.com is the intended SkillBoss endpoint before providing SKILLBOSS_API_KEY, expect scraped article snippets to be sent to an external LLM service, and treat global-monitor results carefully because one hardcoded mock news item is mixed into live analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script injects a hardcoded entertainment 'news' item into a workflow presented as real-time intelligence monitoring. This undermines the integrity of the output and can mislead downstream users or agents into treating fabricated content as genuine reporting, which is especially risky in a strategic briefing context.

Intent-Code Divergence

Low
Confidence
91% confidence
Finding
The inline comment suggests the entertainment item is a temporary mock, but the code still feeds it into the live analysis set. This creates deceptive behavior where test data contaminates operational results, reducing trustworthiness and potentially skewing conclusions.

Vague Triggers

Low
Confidence
81% confidence
Finding
The skill description and usage indicate a broadly invokable intelligence-gathering workflow without clear trigger boundaries, input constraints, or operator approval gates. Because the skill has network access and performs deep scraping plus third-party LLM submission, broad invocation increases the chance of unnecessary external requests, overcollection of content, or unintended use in contexts where such access should be limited.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code transmits aggregated news content to a third-party LLM service without any explicit user-facing disclosure or consent mechanism. Even if the data is publicly sourced, this creates a transparency and data-governance risk because users may not expect external processing, and future source content could include sensitive or licensed material.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends scraped article content to a third-party LLM service without any explicit user warning, consent flow, or data-classification check. Even though the content is sourced from public news pages, full-page scraping can capture unexpected sensitive material, licensed text, tracking artifacts rendered into text, or internal/limited-access content if the URL source set expands later, making silent exfiltration to an external processor risky.

Unpinned Dependencies

Low
Category
Supply Chain
Content
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "dependencies": {
    "axios": "^1.6.0",
    "cheerio": "^1.0.0-rc.12",
    "rss-parser": "^3.13.0"
  },
Confidence
95% confidence
Finding
"axios": "^1.6.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
  "dependencies": {
    "axios": "^1.6.0",
    "cheerio": "^1.0.0-rc.12",
    "rss-parser": "^3.13.0"
  },
  "keywords": ["intelligence", "news", "ai", "makima"],
  "author": "Makima",
Confidence
93% confidence
Finding
"rss-parser": "^3.13.0"

Known Vulnerable Dependency: axios==1.6.0 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

High
Category
Supply Chain
Confidence
99% confidence
Finding
axios==1.6.0

VirusTotal

63/63 vendors flagged this skill as clean.