Back to skill

Security audit

youmind-hashnode-article

Security checks across malware telemetry and agentic risk

Overview

This Hashnode publishing skill is mostly coherent, but it exposes under-disclosed account deletion and broader YouMind data/agent features, so it should be reviewed before install.

Install only if you are comfortable giving this skill a YouMind API key that can publish through your connected Hashnode account and may access YouMind knowledge data. Use draft mode first, require explicit approval for publishing or deleting, avoid running undocumented delete commands unless you intend permanent removal, and protect `~/.youmind/config.yaml` as a secret.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares executable Bash tooling and relies on a local config containing an API key, yet it does not explicitly declare permissions for environment/config access and network use. This creates a transparency and sandboxing gap: an agent may perform outbound API calls and read sensitive local state without the permission model making that obvious to users or policy controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill description frames functionality around Hashnode publishing, but the documented behavior expands into broader YouMind library search, web search, board/material/craft access, and image generation. That mismatch can mislead users and reviewers about the real data-access surface, increasing the chance of over-collection, unintended exfiltration of user content to external services, or actions the user did not reasonably expect.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The CLI exposes permanent delete operations for drafts and published posts, but the skill metadata/description only presents writing and publishing capabilities. In an agent setting, this mismatch is dangerous because orchestration layers or users may grant the skill broader trust than intended, enabling destructive actions against a connected Hashnode account with only an ID and a confirmation flag.

Context-Inappropriate Capability

High
Confidence
87% confidence
Finding
A Hashnode publishing skill includes an unrelated chat-based image generation path that can invoke a general-purpose agent mode on the remote YouMind service. This unnecessarily broadens capability and allows prompt-controlled interactions with an agent/tool chain outside the stated publishing scope, increasing the chance of misuse, unexpected data flows, or abuse of the bound API key.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The README instructs users to place a YouMind API key in a local YAML config file but does not warn that the key is a secret or recommend basic protections such as restrictive file permissions, avoiding commits, and rotation if exposed. This can lead to accidental disclosure of a credential that may allow unauthorized use of the user's YouMind account and connected publishing capabilities.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The publish flow sends article content and API-key-authenticated requests to a remote YouMind/Hashnode service, but the command path does not provide a clear user-facing disclosure at the point of action that content and credentials will be transmitted off-host. In agent contexts, insufficient transparency about network/data egress can lead to unintended disclosure of sensitive draft content or misuse of connected publishing credentials.

Session Persistence

Medium
Category
Rogue Agent
Content
This skill is **self-contained and fully usable standalone.** The `youmind-article-dispatch` hub is an optional companion; it is NOT required for anything.

- **Primary mode — standalone:** Invoke directly ("Write a Hashnode article about X"). Works with zero other YouMind skills installed.
- **Author voice lookup:** This skill reads `~/.youmind/author-profile.yaml` (shared home directory — see `shared/YOUMIND_HOME.md`) for cross-platform voice preferences. Works whether or not dispatch is installed.
- **Optional dispatch-mode invocation:** When dispatch invokes this skill with a content brief containing `resolved_author`, the skill uses those fields as extra context. Without such a brief, the skill runs its own pipeline normally. Hashnode's depth-first DNA stays native to this skill.
- **Capability manifest (opt-in):** `dispatch-capabilities.yaml` is metadata that lets dispatch route intelligently. Deleting it reverts to defaults; it never breaks this skill.
Confidence
90% confidence
Finding
Write a Hashnode article about X"). Works with zero other YouMind skills installed. - **Author voice lookup:** This skill reads `~/.youmind

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
shared/config.example.yaml:2