Generate News Article

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but it embeds a third-party API key and uses hard-coded local paths, so users should review and modify it before running.

Install only if you are comfortable editing the script first:
  • remove and rotate the bundled SerpAPI key, and require your own key via an environment variable or secret storage;
  • replace the hard-coded local paths with workspace-relative configuration;
  • avoid untrusted keyword/count inputs until the heredoc interpolation is fixed;
  • consider disabling or validating remote image downloads before using generated articles.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91%
Finding
The skill advertises network access, file reads, and file writes through its documented behavior, but it declares no permissions. That creates a transparency and consent problem: users and platforms cannot accurately evaluate or constrain what the skill will do before execution, especially since it writes files and downloads remote content.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97%
Finding
This is a substantial behavior mismatch because the skill is presented as article generation, while the analysis indicates additional risky behaviors: a hard-coded API key, use of fixed absolute paths outside the skill directory, and downloading arbitrary remote images from result metadata. Those behaviors increase the chance of credential exposure, unintended modification of local files, and unsafe network retrieval beyond what a user would reasonably expect from the description.

Context-Inappropriate Capability

Medium
Confidence
99%
Finding
The script hard-codes a live SerpAPI API key directly in source and uses it at runtime. Embedded secrets are easily exposed through source sharing, logs, backups, or repository history, enabling unauthorized API use, quota exhaustion, and possible billing or account abuse.

Description-Behavior Mismatch

Medium
Confidence
94%
Finding
The skill description suggests article generation from search results, but the implementation also fetches remote images from result-supplied thumbnail or favicon URLs. This expands the trust boundary to arbitrary third-party hosts, creating SSRF-like network exposure, unexpected outbound requests, and ingestion of untrusted files into the local workspace.

Missing User Warnings

Medium
Confidence
78%
Finding
Mentioning use of an API key without any credential-handling guidance is risky because users may expose secrets through logs, hard-coded values, or accidental publication in generated artifacts or repositories. In a skill that performs network requests, secret-handling expectations should be explicit to reduce leakage risk.

Missing User Warnings

Medium
Confidence
84%
Finding
The script silently retrieves remote images from arbitrary URLs with only generic progress messages, so users may not realize the skill is making extra network requests beyond the search query. In an agent setting, undisclosed outbound fetches can leak usage patterns, contact malicious infrastructure, and import untrusted content without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.