Back to skill

Security audit

Google News Api

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: fetch Google News through BrowserAct, but users should handle the BrowserAct API key carefully.

Install only if you intend to use BrowserAct for Google News retrieval. Set BROWSERACT_API_KEY in your environment or secrets manager rather than pasting it into chat, and be aware that news queries are sent to BrowserAct's external API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill invokes a Python script, reads an environment variable, and performs external API/network access, but it does not declare corresponding permissions. This weakens review and consent boundaries because the agent may execute code with broader capabilities than the metadata transparently communicates.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are broad and map to common requests such as finding news or monitoring trends, which increases the chance the skill auto-activates in situations the user did not specifically intend. Because the skill can run code and make network requests, overbroad activation expands the attack surface and may cause unnecessary external data access.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to ask the user to provide an API key directly in chat, which is a sensitive secret-handling anti-pattern. Chat channels are often logged, retained, or exposed to other tools, so collecting credentials this way creates a real risk of secret leakage and account compromise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.