Miniflux

Security checks across malware telemetry and agentic risk

Overview

This Miniflux skill is coherent and purpose-aligned, but users should treat it as a write-capable RSS account integration and verify the helper binary before use.

Before installing, verify the openclaw-miniflux-mcp binary source or prefer Cargo installation, use a dedicated Miniflux API token, store credentials only in local MCP config, and run with --read-only if you only want browsing and reading rather than feed/category changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The skill description is broadly phrased around many user requests without clearly defining tighter activation boundaries or requiring explicit Miniflux-related context. In an agentic system, this can cause overbroad invocation and unintended access to a user's RSS data or trigger follow-on write-capable workflows when a request is only loosely related.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill advertises create, update, delete, import, mark-as-read, and bookmark-changing capabilities without an upfront warning that these operations modify persistent user data. In practice, this increases the chance an agent will perform destructive or state-changing actions—such as deleting feeds, renaming categories, or bulk marking entries as read—without the user appreciating the consequences.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal