Back to skill

Security audit

Hot Topics Daily

Security checks across malware telemetry and agentic risk

Overview

This skill mainly fetches public hot-topic/news data and formats it for Discord, with some disclosure gaps but no artifact-backed malicious behavior.

Before installing, confirm you are comfortable with the skill contacting 60s.viki.moe and posting the generated output to the configured Discord thread. If you do not need international news, avoid running the Python backup module or remove it; if you do use it, provide only the intended Currents/GNews API keys. Ask the maintainer to document the optional API keys and the /tmp backup file behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions even though its documented behavior clearly requires network access and likely environment access for runtime configuration or credentials. Missing permission declarations reduce transparency and weaken policy enforcement, allowing users or hosting systems to underestimate what the skill can do.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose says the skill fetches Chinese platform hot topics, but the analyzed behavior indicates it instead accesses unrelated international news APIs, depends on undisclosed API keys, and does not implement the promised platform controls. This kind of description-behavior mismatch is dangerous because it can conceal unexpected data flows, hidden dependencies, and broader network activity than the user consented to.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script writes the generated hot-topics message to /tmp/hot-topics-message.md even though the skill’s stated purpose is only to fetch and send content to Discord. This creates an undocumented persistence channel: data remains on local disk where other local users, processes, or later tasks may read or tamper with it, and /tmp is a shared, predictable location on many systems.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The header comment states the script 'directly outputs to stdout' for the agent to send, but the implementation also writes a local backup file. This mismatch is not dangerous by itself like code execution, but it hides data persistence from reviewers and operators, which can cause unsafe deployment assumptions and mask the actual behavior of the skill.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

Detected: suspicious.potential_exfiltration

File read combined with network send (possible exfiltration).

Warn
Code
suspicious.potential_exfiltration
Location
scripts/push.cjs:17