Back to skill

Security audit

Publisher

Security checks across malware telemetry and agentic risk

Overview

This publishing skill does what it claims, but it needs review because it stores account passwords locally in plaintext and has conflicting visibility instructions that could publish more broadly than intended.

Install only if you are comfortable with PushWebly receiving your project zip and with local credential persistence. Confirm public/private visibility explicitly before any publish, prefer providing a temporary token if possible, and remove ~/.publisher/config.json when you no longer need the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Ssd 3

High
Confidence
99% confidence
Finding
The skill explicitly instructs storing and reusing plaintext usernames and passwords in `~/.publisher/config.json`, and to refresh tokens by logging in again from those stored credentials. Persisting reusable secrets in plaintext materially increases the risk of credential theft from local compromise, backups, logs, or other processes with filesystem access, especially because the same credentials authorize remote publishing actions.

Session Persistence

Medium
Category
Rogue Agent
Content
- Do not require Python. Optional scripts, if present, are for CLI/CI users only.
- Ask only for genuinely missing information: credentials, zip path, project
  name, public/private visibility, or private access password preference.
- Never write credentials into a project zip or repository file. Store them only
  in the user's local `~/.publisher/config.json` after consent.
- On Windows/PowerShell, use a temp JSON file for request bodies instead of
  shell-escaping inline JSON.
Confidence
92% confidence
Finding
write credentials into a project zip or repository file. Store them only in the user's local `~/.publisher

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:470