Back to skill

Security audit

WitPulse-redditnews

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public Reddit RSS headlines and stores a small local headline cache; its behavior is disclosed enough for installation with normal caution.

Install only if you are comfortable running the included Python/Bash scripts, contacting Reddit for configured subreddits, and storing fetched public headlines in the skill folder. Review config.json to remove topics you do not want, and treat Reddit headlines and links as untrusted external content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill advertises itself as text-driven, yet the documentation instructs the agent to run local Python and shell scripts that imply filesystem access, network access, and likely local data persistence without any declared permissions or transparent capability disclosure. This weakens security boundaries because agents or users may invoke code with broader privileges than expected, increasing the chance of unintended data access, local file modification, or network exfiltration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
There is a significant mismatch between the claimed behavior and the described/observed implementation: the skill claims contextual analysis and commentary generation, but appears to only fetch Reddit feeds, validate connectivity, write local data, and filter titles using hardcoded keywords. Behavior mismatches are dangerous because they prevent informed consent, obscure actual data handling, and can hide broader collection or execution behavior behind a benign-sounding description.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.