skill-c-fetch-minutes

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it needs Review because it automates sensitive Gitea writes and meeting-data handling with broad repository scope and risky setup defaults.

Install only in a controlled environment with a least-privilege Gitea bot token, HTTPS-only Gitea URL, and a clear list of repositories the bot may modify. Review logs and scan output handling because meeting transcripts and participant emails may be exposed to the runner or orchestration logs. Pin dependencies and avoid sourcing untrusted .env content before production use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (11)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill orchestrates shell commands, reads local env files, performs network access, and writes/commits files, yet it declares no explicit permissions. This creates a hidden trust boundary: an agent or reviewer may approve or invoke the skill without realizing it can access credentials, modify repositories, and send external data over the network.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill performs impactful actions—writing meeting artifacts, committing to Gitea, changing workflow status, and triggering outbound organizer email—without an explicit warning or confirmation boundary in the skill description. In an agentic environment, that increases the risk of unintended data modification, accidental disclosure of meeting content, and silent side effects during automated runs.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The script aggregates participant email addresses and later emits them in the JSON output, and in some paths also includes full transcript content. That creates a privacy and data-minimization risk: any downstream consumer, log sink, or operator with access to the scan output can obtain personal contact data and potentially sensitive meeting content beyond what is necessary for classification.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The script executes `source "$ENV_FILE"` on a user-editable file, which means any shell code placed in that file will run with the privileges of whoever launches setup. A `.env` file is typically expected to contain passive key/value data, so treating it as executable shell creates a realistic code-execution path if the file is modified maliciously or carelessly.

Unpinned Dependencies

Low

Category: Supply Chain
Content: requests>=2.28.0 python-dotenv>=1.0.0 PyYAML>=6.0 pytz>=2023.3
Confidence: 94% confidence
Finding: requests>=2.28.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: requests>=2.28.0 python-dotenv>=1.0.0 PyYAML>=6.0 pytz>=2023.3 python-dateutil>=2.8.2
Confidence: 94% confidence
Finding: python-dotenv>=1.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: requests>=2.28.0 python-dotenv>=1.0.0 PyYAML>=6.0 pytz>=2023.3 python-dateutil>=2.8.2
Confidence: 95% confidence
Finding: PyYAML>=6.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: requests>=2.28.0 python-dotenv>=1.0.0 PyYAML>=6.0 pytz>=2023.3 python-dateutil>=2.8.2
Confidence: 92% confidence
Finding: pytz>=2023.3

Unpinned Dependencies

Low

Category: Supply Chain
Content: python-dotenv>=1.0.0 PyYAML>=6.0 pytz>=2023.3 python-dateutil>=2.8.2
Confidence: 92% confidence
Finding: python-dateutil>=2.8.2

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High

Category: Supply Chain
Confidence: 88% confidence
Finding: requests

Known Vulnerable Dependency: PyYAML — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical

Category: Supply Chain
Confidence: 90% confidence
Finding: PyYAML

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal