jiaozhen-factcheck

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Tencent News fact-checking skill, but it needs Review because it can install or update a local CLI from remote scripts and touches API-key state with limited safeguards.

Install only if you trust Tencent News and the CDN-hosted `tencent-news-cli` installer. Prefer downloading and inspecting/verifying installer scripts before running them, confirm which CLI path will execute, and treat the API key as a secret that should not be pasted into chats, logs, screenshots, or shared terminals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Intent-Code Divergence

Medium (94% confidence)

The guide claims the installer will perform verification, but the documented command streams a remote script directly into the shell with no independent integrity or authenticity check shown to the user. This creates a trust gap: if the remote content, CDN path, or delivery chain is compromised, arbitrary code will execute immediately under the user's account.

Intent-Code Divergence

Low (89% confidence)

The troubleshooting section normalizes bypassing macOS Gatekeeper and Windows SmartScreen without requiring users to verify publisher identity, signatures, or checksums first. That weakens platform security controls and can condition users to ignore exactly the warnings that would help detect a tampered or untrusted installer.

Context-Inappropriate Capability

High (98% confidence)

This script is materially unrelated to the declared fact-checking purpose of the skill: it probes for a Tencent News CLI installation, executes that binary, and inspects API-key state. In a skill that users would expect to analyze truthfulness of claims, hidden environment and credential-state inspection is dangerous because it expands access to local system metadata and credential-adjacent information without clear relevance or consent.

Description-Behavior Mismatch

High (97% confidence)

The documented behavior explicitly says the script reports install status, update status, and API-key status, which does not match the advertised fact-checking capability. That mismatch is a security concern because deceptive or mislabeled skills can cause users and reviewers to grant trust to code that performs unrelated local inspection.

Missing User Warnings

Medium (96% confidence)

The installation command executes downloaded code immediately and the text does not clearly warn that it will run arbitrary script logic, download additional components, and modify shell configuration or environment variables. Users may reasonably interpret this as a routine install step rather than a full remote code execution action with persistent system changes.

Missing User Warnings

Medium (91% confidence)

Advising users to override SmartScreen or macOS security prompts without risk context or source-validation instructions encourages unsafe behavior around untrusted executables and scripts. In a tooling-install context, this is especially dangerous because users are primed to trust the guide and may bypass legitimate malware or reputation warnings.

Missing User Warnings

Medium (98% confidence)

The guide instructs users to pipe a remotely fetched shell script directly into `sh`, which executes unreviewed code from the network immediately. This is dangerous because any compromise of the hosting endpoint, CDN path, TLS trust chain, or script content can result in arbitrary code execution on the user's machine with no opportunity for inspection.

Missing User Warnings

Medium (99% confidence)

The Windows instructions use `irm ... | iex`, which downloads remote PowerShell content and executes it in-memory without review. This creates a direct remote code execution path and is especially risky because users are encouraged to run it as part of normal maintenance, increasing the chance of blind trust.

Missing User Warnings

Medium (92% confidence)

The script discovers a local binary via PATH or preset locations and executes it to obtain version/update information, without meaningful disclosure or integrity verification. Executing an auto-discovered binary can trigger unintended code execution, especially if PATH is manipulated or an unexpected binary is present, and is more concerning because the skill's stated purpose gives no reason to run local executables.

Missing User Warnings

Medium (95% confidence)

The script invokes `apikey-get` and parses whether an API key is present, directly interacting with credential-related output without clear notice or need for the declared skill function. Even if it only reports presence, touching credential retrieval paths increases the risk of exposing secrets in logs, error messages, or downstream handling, and violates user expectations for a fact-checking tool.

VirusTotal

VirusTotal findings are pending for this skill version.
