Back to skill

Security audit

thought-leader-tracker

Security checks across malware telemetry and agentic risk

Overview

This skill runs a disclosed local tracker that queries public podcast search data and writes local Markdown reports, but its generated reports may be low quality or misattributed.

Install only if you are comfortable running local Bash/Node.js code that sends configured thought-leader names and keywords to Apple's public search API and saves Markdown reports locally. Treat generated reports as rough search digests, not verified attribution or complete cross-platform monitoring, and only add the cron job if you want ongoing daily runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The report quality does not match the skill’s stated purpose of producing meaningful summaries and cross-platform tracking. Large portions of the file contain placeholder-like fields such as 'Platform: undefined', minimal summaries, and weak theme analysis, which can mislead users into trusting incomplete or fabricated intelligence for monitoring or decision-making.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
Many listed items do not appear to be actual releases by the named thought leaders and instead look like broad name-match collisions across unrelated podcasts. This creates a data integrity vulnerability where users may act on false attributions, corrupt downstream analytics, and lose trust in the monitoring system.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.