research-monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed news and trend monitoring helper with Telegram alerts, but users should configure scheduled delivery carefully.

Before installing, decide the exact keywords, sources, schedule, and Telegram destination. Avoid monitoring sensitive private business topics unless you are comfortable with those summaries being sent through Telegram, and confirm how to disable recurring alerts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrases are broad, natural-language requests such as asking for news summaries or trend analysis, which can easily overlap with normal user intent and cause the skill to activate unexpectedly. In a skill that performs automated monitoring and outbound notifications, ambiguous activation increases the chance of unintended data collection, crawling, or message delivery without clear user consent.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly mentions automated crawling and Telegram transmission on a schedule, but does not present a clear user-facing warning that data will be fetched automatically and sent to an external service. This is dangerous because users may not realize that scheduled outbound actions continue after setup, potentially exposing searched content, monitored topics, or internal interests to third-party systems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal