Content360

Security checks across malware telemetry and agentic risk

Overview

This is a real Content360 and Notion sync skill with sensitive account access, but the behavior is largely disclosed and aligned with its stated purpose.

Install only if you intend to let this skill act on your Content360 workspace and Notion content calendar. Replace all publisher-specific values with your own, store secrets only in the intended secret manager, start with --dry-run, verify the Content360 org, Notion database, and target social accounts, then run the real sync only when you want external records changed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 86% confidence
Finding: The skill documentation indicates it uses environment secrets and network access, but it does not declare permissions or otherwise clearly scope those capabilities for users. In a skill that handles API tokens, session auth, and external synchronization, missing capability disclosure reduces informed consent and can hide the real security boundary of the integration.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 92% confidence
Finding: The skill is presented as a broad Content360 integration, but the documentation also describes a Notion-to-Content360 sync flow and omits that it reads and updates a Notion content calendar. This mismatch is dangerous because users may grant credentials and run the skill without understanding that it accesses a second service and can modify scheduling/publishing state beyond the advertised scope.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The README instructs users to configure a specific personal email address as the secret value for CONTENT360_EMAIL. Publishing or hard-coding a real individual's account identifier in setup guidance can lead to misdirected authentication attempts, privacy exposure, and accidental use of someone else's account, which is unnecessary for a generic integration skill.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README describes a real sync flow that creates posts in Content360 and marks records as posted in Notion, but it does not clearly warn that running the non-dry-run command will modify external systems. In an agent skill context, this increases the risk of unintended data creation, status corruption, and irreversible operational changes if a user runs the commands without understanding their side effects.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The setup instructions tell users to supply email/password credentials and a bearer token, but they do not include clear guidance on securely handling these secrets or the resulting session data. Because the skill relies on multiple sensitive auth artifacts, poor handling could expose account access through logs, screenshots, copied configs, or insecure storage.

Missing User Warnings

Medium

Confidence: 78% confidence
Finding: The markdown enumerates delete, approve, schedule, queue, import, and webhook operations affecting live social media workflows, but it does not clearly warn users that these actions can remove content or change publication state. In a multi-platform publishing context, accidental use could lead to unintended deletions, premature publication, or external callback exposure across business accounts.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill instructs users to store a login email and password for automatic session authentication, but it provides no credential-handling, storage, rotation, or least-privilege warning. Collecting primary account credentials materially increases compromise risk versus using scoped tokens alone, especially when the skill also notes that tokens depend on active sessions.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The script performs live remote actions by default: it creates posts in Content360 and patches Notion records unless --dry-run is supplied. Because the usage text does not clearly warn that execution causes external writes, a user may run it expecting a read-only sync and unintentionally publish or queue content and alter tracking state in Notion.

VirusTotal

No VirusTotal findings

View on VirusTotal