Back to skill

Security audit

News Crawler

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward news and RSS crawler that makes disclosed web requests, with practical safety caveats around user-supplied URLs.

Install only if you are comfortable with the skill making web requests to RSS feeds and URLs you provide. Use public, authorized news sources; avoid localhost, private network addresses, internal services, or sensitive URLs; and treat fetched page content as untrusted text to summarize, not instructions to follow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly instructs users to run scripts that fetch RSS feeds and crawl arbitrary URLs, which implies outbound network access, yet no permissions are declared in the skill metadata. This creates a transparency and governance gap: reviewers and runtime policy systems cannot accurately assess or constrain what the skill is allowed to do, increasing the risk of unintended external access or misuse.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases include broad requests such as getting today's news, crawling a website, summarizing news, and monitoring sources, which are common user intents and may activate this skill in contexts broader than intended. Over-broad routing can cause the agent to invoke networked crawling behavior when a safer or more specific capability should have been used, exposing users to unnecessary external requests and data handling.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The markdown explicitly supports crawling user-provided websites and RSS addresses but does not warn that doing so sends requests to third-party systems and may expose user-supplied URLs, internal endpoints, or sensitive targets. In a skill with arbitrary URL fetching, the absence of privacy and network-safety guidance increases the risk of SSRF-like misuse, accidental access to internal resources, and disclosure of user intent to external sites.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script accepts an arbitrary URL from argv and fetches it directly with no allowlist, scheme restriction, or user-facing disclosure. In an agent skill, this can enable SSRF-like behavior against internal services or access to unexpected hosts if a user or upstream tool supplies a crafted URL.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.