Battery Market Watch

Security checks across malware telemetry and agentic risk

Overview

This skill coherently monitors public battery-market news and generates reports, but users should be aware of its network calls, its use of a local LLM, and the extra copy of each report it places on the Desktop.

Install in a virtual environment, expect outbound requests to news/search providers, and only set the optional NewsAPI or GNews keys if you intend to use those scripts. Before running analyze_sentiment.py, confirm that the localhost LLM endpoint is your own trusted service. Be aware that generated Markdown and DOCX reports may also be copied to your Desktop.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill declares no permissions while its documented workflow clearly implies network access, local file reads/writes, and likely environment use. This is dangerous because it prevents informed consent and proper sandboxing, making it easier for the skill to overreach or access local resources without explicit review.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The documented behavior does not fully disclose materially sensitive actions: contacting a local LLM service, using additional third-party news APIs, and copying generated reports to the local desktop. Hidden or under-documented network endpoints and write destinations increase the risk of data exfiltration, unexpected local side effects, and trust-boundary violations, especially in an agent skill that aggregates and rewrites content.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The script writes reports to its data directory and then additionally copies them to the user's Desktop without an explicit user opt-in. That expands the data exposure surface, can disclose potentially sensitive research outputs to other local users or sync services, and violates least-surprise for a report-generation skill.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The script transmits news title, country, and summary text to an HTTP service on localhost without any disclosure, consent, or authentication controls. Even though the endpoint is local, localhost services may be provided by other users, containers, or compromised processes, which creates an unintended data exposure path and makes prompt/content exfiltration possible within the host environment.

VirusTotal

64/64 vendors flagged this skill as clean.