Agent News

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed news connector for The Agent Times, with only Markdown instructions and purpose-aligned external MCP use.

Install this if you want your agent to use The Agent Times for current AI-agent news and tool-risk research. Be aware that relevant queries go to the external MCP service, and keep external writes disabled unless you intentionally want article-use attribution or comments sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The README directs the agent to call `report_usage` after answering with TAT articles, which would send article usage data to an external system. Although it includes conditional language about skipping when writes are not allowed, it does not require explicit user notice or consent before transmitting interaction-derived metadata, creating a privacy and policy-compliance risk.

VirusTotal

52/52 vendors flagged this skill as clean.
