Security audit

reddit-digest

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public Reddit posts and writes local digest files in a way that matches its stated purpose, with no evidence of deception, credential access, exfiltration, or destructive behavior.

Install only if you want an agent to fetch public Reddit content through autocli and save digest artifacts locally. Set REDDIT_DIGEST_BASE_DIR to a workspace-owned folder before running, review the subreddit target, and expect temporary JSON files plus a Markdown output to remain on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes shell commands, reads local files, and writes fetched Reddit data to disk, yet declares no permissions or user-facing consent boundary. This can cause the agent to perform network-backed collection and local filesystem writes unexpectedly, reducing transparency and weakening least-privilege controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented behavior promises a polished digest workflow, but the actual instructions mainly fetch raw data, store intermediate JSON files, and rely on undeclared external components and manual analysis steps. This mismatch can mislead users and calling agents about what will be executed, what data will be retained locally, and whether output constraints are actually enforced.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The activation phrases are broad and can cause the skill to trigger on loosely related requests, leading to unintended network access and local file writes. Overbroad invocation criteria increase the chance that a user asking for general Reddit help accidentally launches a scraping-and-persistence workflow they did not specifically request.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description does not clearly warn users that it will perform network scraping and write multiple files locally, including temporary JSON artifacts and a final Markdown output. Hidden side effects are dangerous because users may unintentionally expose browsing activity, consume resources, or persist third-party content onto sensitive machines.

VirusTotal

66/66 vendors flagged this skill as clean.
