multi-news-aggregator-via x402

Security checks across malware telemetry and agentic risk

Overview

This skill is a paid remote news-search integration, but it asks agents to use a crypto private key for payments while being mislabeled as local-only.

Review before installing. Use only a dedicated low-balance wallet or delegated signer, keep the private key out of prompts, logs, and source control, and require explicit per-call approval or spending limits. Treat all searches as data sent to a third-party paid API despite the Local Only label.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Low (95% confidence)
Finding
The skill is labeled 'Local Only' even though it explicitly instructs the agent to send POST requests to https://www.x402api.app/. This can mislead operators into believing no external communication occurs, reducing scrutiny around data egress, billing, and trust boundaries.

Missing User Warnings

Medium (91% confidence)
Finding
The documentation directs users to configure an EVM private key and demonstrates signing payment payloads for external requests, but it does not include a prominent warning about secret handling, wallet risk, or external transmission of user queries. In an agent setting, this increases the chance of unsafe key exposure, unintended paid requests, and sensitive prompt/query data being sent to a third-party service.

VirusTotal

62/62 vendors flagged this skill as clean.
