Feed Watcher

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward RSS/Atom feed watcher that stores local feed state and can send feed update details to a webhook the user configures.

Install only if you are comfortable with feed update metadata being sent to your chosen webhook service. Use trusted HTTPS webhook URLs, avoid routing private or sensitive feeds to third-party services unless intended, and add the cron job only if you want continuous background monitoring.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill encourages sending feed-derived content to arbitrary third-party webhooks but does not warn users that article titles, links, timestamps, and potentially sensitive monitored sources will be transmitted off-platform. This can cause inadvertent data leakage, especially when users monitor private, internal, or sensitive feeds and route notifications to external services such as Discord, Slack, or Telegram.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal