Back to skill

Security audit

每日热榜

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed public hot-news aggregator with local storage and optional notification features, not a hidden data-stealing or destructive tool.

Install this only if you want a local public hot-news aggregation skill. Review the separate DailyHotApi backend before running it, disable auto-save if you do not want local history, and enable Feishu or scheduled push only after confirming the destination, credentials, schedule, and how to turn it off.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation describes capabilities including network access, local file reads/writes, environment-variable configuration, and scheduled push behavior, yet no explicit permissions are declared. This creates a transparency and governance gap: users and the runtime may not have a clear consent boundary for data persistence and outbound access, increasing the chance of over-privileged or unexpected behavior.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The declared purpose is a hot-ranking query skill, but the documented behavior extends into persistent local storage, history management, filtering/monitoring, summarization, and vertical aggregation. This mismatch is dangerous because it broadens the operational scope beyond what a user would reasonably expect, which can hide data retention and secondary processing behaviors behind an apparently simple lookup tool.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
This module introduces a keyword-based cross-platform monitoring capability that goes beyond the declared daily hot-list browsing/push behavior. Scope expansion like this is dangerous because it enables broader surveillance-style use and data collection than users or reviewers would reasonably expect from the skill manifest.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The code fetches hot-list data from all configured platforms first and only then filters for arbitrary user-supplied keywords, effectively creating a broad cross-platform monitoring tool. This increases privacy and abuse risk because the skill can be repurposed to track topics, people, or events across many sources without that capability being clearly declared in the skill's stated functionality.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README includes broad natural-language examples like '有什么科技热榜', '游戏有什么热点', and similar conversational phrases that could overlap with ordinary user chat and cause the skill to be invoked unintentionally. In an agent environment, ambiguous triggers can lead to unexpected network requests, data retrieval, monitoring setup, or message delivery actions without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The README advertises history retention, personalized subscriptions, monitoring, and automated notifications, but it does not clearly explain retention duration, what data is stored, where it is stored, or when outbound messages are sent. This creates a privacy and consent risk because users may unknowingly enable persistent tracking or message delivery features that continue beyond the immediate session.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README describes scheduled push behavior and explicitly mentions Feishu message delivery, but it does not clearly disclose what user data, subscriptions, or hot-topic content may be sent to that external service. In an agent skill context, unclear outbound notification behavior can cause unintended data sharing and weakens user consent around external transmissions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly states that it automatically saves hot-list data locally and supports scheduled pushing to Feishu, but it does not clearly warn users about persistence and external transmission side effects at the point of use. Even if the stored data is not highly sensitive by default, undisclosed retention and outbound delivery create consent, privacy, and operational-risk concerns.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
User preferences are written to local disk without any explicit notice, consent flow, retention policy, or protection of the stored file. While the data is not highly sensitive by default, interest profiles and platform preferences can still reveal personal habits, and silent persistence increases privacy risk on shared hosts or multi-tenant environments.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# DailyHotApi Skill - 依赖列表

# 核心依赖
requests>=2.28.0
aiohttp>=3.8.0

# 可选依赖(用于测试)
Confidence
91% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# 核心依赖
requests>=2.28.0
aiohttp>=3.8.0

# 可选依赖(用于测试)
pytest>=7.0.0
Confidence
91% confidence
Finding
aiohttp>=3.8.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
aiohttp>=3.8.0

# 可选依赖(用于测试)
pytest>=7.0.0
pytest-asyncio>=0.20.0
Confidence
79% confidence
Finding
pytest>=7.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# 可选依赖(用于测试)
pytest>=7.0.0
pytest-asyncio>=0.20.0
Confidence
78% confidence
Finding
pytest-asyncio>=0.20.0

Known Vulnerable Dependency: requests==2.28.0 — 7 advisory(ies): CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi); CVE-2026-25645 (Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility func) +4 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
requests==2.28.0

Known Vulnerable Dependency: aiohttp==3.8.0 — 10 advisory(ies): CVE-2026-54279 (aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence); CVE-2026-34514 (AIOHTTP has CRLF injection through multipart part content type header constructi); CVE-2026-34517 (AIOHTTP has late size enforcement for non-file multipart fields causes memory Do) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
aiohttp==3.8.0

Known Vulnerable Dependency: pytest==7.0.0 — 2 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling); CVE-2025-71176 (pytest has vulnerable tmpdir handling)

High
Category
Supply Chain
Confidence
88% confidence
Finding
pytest==7.0.0

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.