Back to skill

Security audit

Narodmon Telegram Summary

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent, but it defaults to unencrypted Narodmon API traffic while using account authentication, which deserves user review before installation.

Review before installing. Use HTTPS for Narodmon if it works in your environment, avoid private sensors or account authentication over HTTP, restrict the JSON config to the owning user, and verify the Telegram bot token and chat ID are only for the intended destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill clearly instructs use of network access to Narodmon and Telegram and shell execution via a cron wrapper, yet no permissions are declared in the metadata. That mismatch can undermine sandboxing, review, and least-privilege controls by causing operators to approve or run a skill without an accurate capability declaration.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation explicitly recommends using unencrypted HTTP to the API and states that sending the password hash for private sensors is acceptable. Even if the plaintext password is not sent, authentication material and sensor data can be intercepted or modified by a man-in-the-middle, enabling account abuse, data disclosure, or forged API responses.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.