Daily Hot Aggregator

Security checks across malware telemetry and agentic risk

Overview

This is mostly a hot-list aggregation tool, but it ships hidden credential-like values and an enabled webhook configuration that users should review before installing.

Review before installing. Remove the embedded Weibo cookie, replace or delete the bundled WeCom webhook config, keep webhook keys private, and only enable scheduled collection or pushing after confirming what files are written and what content may leave your environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill advertises and documents use of shell commands, local file creation, and outbound network access, but the manifest does not declare corresponding permissions or capabilities. This creates a transparency and consent problem: users or hosting systems cannot accurately assess what the skill will access or modify before installation or execution.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The declared purpose is simple hot-list aggregation, but the documented behavior expands into persistence, analytics, scheduled automation, webhook pushing, Xiaohongshu handling, and even use of a hardcoded Weibo cookie. This mismatch undermines informed consent and materially increases risk because users may enable a seemingly simple reader while actually granting a broader data collection, storage, and exfiltration workflow.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill promotes automatic WeCom group pushing via webhook but does not clearly warn that collected data will be transmitted to an external service endpoint. Even if the data is not highly sensitive, silent or poorly disclosed outbound sharing can expose internal interests, monitoring targets, or operational patterns and may violate user expectations or policy.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The script embeds a hard-coded authenticated Weibo cookie and automatically sends it to weibo.com on every request. This exposes account/session material in source code, enables unauthorized reuse by anyone who obtains the script, and may cause actions or data access to be attributed to the cookie owner without user knowledge.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: This function sends arbitrary message content to an externally configured webhook endpoint, which can exfiltrate aggregated data outside the local environment. In this skill's context, external delivery is the intended feature, but the lack of explicit disclosure, destination validation, or safeguards makes accidental data leakage more likely if sensitive content is ever included in messages or if a malicious webhook is configured.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal