Security audit

AI Launch Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent AI launch-monitoring pipeline that fetches public web sources, optionally captures screenshots, and saves local reports.

Review the RSS feed configuration before running, use --skip-screenshot in sensitive or restricted environments, and enable the cron example only if you intentionally want recurring network requests and local output files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill advertises and orchestrates capabilities that require environment access, persistent file writes, and outbound network requests, yet it declares no permissions. This creates a transparency and policy-enforcement gap: users or hosting systems may treat the skill as lower risk than it actually is, increasing the chance of unintended data access, network egress, or filesystem modification when the pipeline runs.

Missing User Warnings

Severity: Low
Confidence: 86%
Finding: The skill description explains functionality but does not clearly warn that execution performs external requests to configured RSS feeds and DuckDuckGo. In context this network activity is expected for an RSS/search pipeline, so the danger is not the existence of network use itself but the lack of user-facing disclosure, which can lead to privacy, compliance, or unexpected egress issues in restricted environments.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding: The documentation lists output paths, but it does not prominently warn users that running the skill persists launch data, deduplication state, analysis artifacts, and screenshots to local storage. This is contextually expected for a monitoring pipeline, yet undisclosed persistence can still create privacy, disk usage, or retention risks, especially when screenshots may capture third-party web content.

VirusTotal

61/61 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.