Back to skill

Security audit

Fireseed Auto Novel Publish

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent FireSeed novel-writing and publishing integration, but it gives the agent too much automatic account and publishing authority without enough user control.

Install only if you are comfortable with an agent publishing to FireSeed on your behalf. Prefer providing a scoped token through a secure configuration path, avoid sharing your password in chat, use Authorization headers rather than URL token parameters, and review generated content before publication whenever possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to publish content to an external platform immediately and forbids asking the user for confirmation first. That creates a high risk of unauthorized or accidental external side effects, including unwanted publication, account actions, and reputational harm if triggers are matched incorrectly or the generated content is unsuitable.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The credential flow tells the agent to ask for username/password and then automatically register or log in, but it does not provide strong warnings, consent boundaries, or safer alternatives. Collecting raw credentials inside a skill materially increases the risk of credential theft, mishandling, replay, and user confusion about where secrets are being sent.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The authentication section permits tokens to be passed in URL parameters or request bodies without warning about exposure. Tokens in URLs are especially dangerous because they can leak via logs, browser history, referrers, proxies, analytics systems, and screenshots, enabling account compromise and long-lived unauthorized access.

Ssd 3

High
Confidence
98% confidence
Finding
The skill directs the agent to solicit credentials and then automatically perform account registration or login on the user's behalf. This is dangerous because it normalizes secret collection in-chat and combines it with autonomous account actions, which can lead to account takeover, improper storage of credentials, and actions performed under ambiguous or coerced consent.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.