Security audit

Intelligence Suite

Security checks across malware telemetry and agentic risk

Overview

This news-briefing skill mostly fits its purpose, but it sends scraped content and an API key to an under-disclosed external endpoint and can mix a mock news item into reports.

Review before installing. Use only if you trust the SkillBoss/HeyBoss endpoint, are comfortable sending scraped article snippets to an external LLM, and understand that one monitor path currently includes a fabricated placeholder item. Prefer a version that declares the actual API host, adds an opt-in or local-only mode, labels or removes mock data, and pins/upgrades dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill transmits aggregated news titles and scraped article content to an external LLM provider without any explicit runtime disclosure, consent gate, or data-handling controls. While the current sources are public news pages, scraped content may still include copyrighted, sensitive, or unexpectedly regulated material, and sending it off-platform expands data exposure and compliance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script transmits scraped third-party article content to the external SkillBoss LLM service without explicit user consent, a clear disclosure mechanism, or any content-classification/redaction step. While the data is likely public news text in the normal case, the tool follows arbitrary links from feeds and Hacker News, so it can unintentionally relay copyrighted, sensitive, or internal content from linked pages to a third-party processor.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"test": "echo \"Error: no test specified\" && exit 1"
  },
  "dependencies": {
    "axios": "^1.6.0",
    "cheerio": "^1.0.0-rc.12",
    "rss-parser": "^3.13.0"
  },
Confidence
97% confidence
Finding
"axios": "^1.6.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "axios": "^1.6.0",
    "cheerio": "^1.0.0-rc.12",
    "rss-parser": "^3.13.0"
  },
  "keywords": ["intelligence", "news", "ai", "makima"],
  "author": "Makima",
Confidence
94% confidence
Finding
"rss-parser": "^3.13.0"

Known Vulnerable Dependency: axios==1.6.0 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

High
Category
Supply Chain
Confidence
99% confidence
Finding
axios==1.6.0

VirusTotal

65/65 vendors flagged this skill as clean.
