Back to skill

Security audit

Blog Watcher

Security checks across malware telemetry and agentic risk

Overview

This is a simple RSS/blog monitoring skill with disclosed but somewhat broad tool guidance and no executable code, installer, credentials, or persistence.

Safe to install for RSS or blog monitoring, but use explicit feed URLs and require confirmation before allowing shell commands or local file writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill advertises powerful capabilities including shell execution, file writing, and broad web access even though its stated purpose is only monitoring blogs and RSS feeds. Excess capability increases the blast radius if the skill is invoked unexpectedly, misused by a prompt, or combined with untrusted feed content, and there is no documented justification or constraint on those tools here.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger example "Help me with blog watcher" is broad and overlaps with normal conversation, making accidental or overly permissive invocation more likely. When paired with the documented broad tool access, an ambiguous trigger raises the chance that the skill activates in contexts the user did not clearly intend, increasing misuse risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.