Report Builder

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but it also runs an undeclared local Notion pipeline and records Telegram delivery metadata without clear disclosure.

Review before installing. Use only if you trust the local notion-pipeline code and expect delivery metadata to be written outside Telegram. Prefer dry-run first, and run it in an environment with only the needed Notion and Telegram credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

High
Confidence: 95%
Finding
After sending the Telegram message, the script silently forwards report metadata to an external Notion/factory-ops pipeline using a hard-coded local skill path. This creates an undeclared cross-system data flow, which can leak operational metadata and violate least-privilege or user expectations, especially because the manifest only describes Telegram report generation/sending.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script performs two externally significant actions—sending a Telegram message and then recording metadata in another pipeline—without any user-facing disclosure or confirmation. In an agent-skill setting, hidden side effects are dangerous because operators may believe they are only generating or sending a report, while the skill also persists data elsewhere.

VirusTotal

64/64 vendors flagged this skill as clean.
