Back to skill

Security audit

Publisher

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate publishing helper, but it needs review because it can upload projects publicly and store reusable login credentials locally.

Install only if you are comfortable sending selected project zip files to PushWebly. Before publishing, remove secrets or private data from the zip, explicitly choose public or private visibility, and avoid storing long-lived credentials unless you accept the risk; review or delete ~/.publisher/config.json after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill contains contradictory control-flow requirements: one section forbids auto-selecting visibility, while another says to default to public if the user does not specify it. In practice, this can cause an agent to publish content publicly without explicit user consent, creating a confidentiality and privacy risk for uploaded project files.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to upload a local zip project to a remote service but does not prominently warn that local files will be transmitted off-machine. Users may unintentionally disclose proprietary source code, secrets embedded in project assets, or regulated data because the upload consequence is underexplained.

Session Persistence

Medium
Category
Rogue Agent
Content
- Do not require Python. Optional scripts, if present, are for CLI/CI users only.
- Ask only for genuinely missing information: credentials, zip path, project
  name, public/private visibility, or private access password preference.
- Never write credentials into a project zip or repository file. Store them only
  in the user's local `~/.publisher/config.json` after consent.
- On Windows/PowerShell, use a temp JSON file for request bodies instead of
  shell-escaping inline JSON.
Confidence
96% confidence
Finding
write credentials into a project zip or repository file. Store them only in the user's local `~/.publisher

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:470