Yq Hot Topic Tracker

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears purpose-aligned, but users should know it can create or update article files and may reuse a prior scheduled tracking topic.

Install only if you are comfortable with the skill writing article files in the working directory and reusing a previously tracked topic during scheduled runs. For sensitive topics or audited repositories, review the output location and scheduled tracking state before use.

SkillSpector (2)

By NVIDIA

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs the agent to save a new article file and later modify/update it during fact-checking, but it does not require any user-facing notice or confirmation that files will be created and altered. This can lead to unexpected file writes, overwrites, or silent content changes, which is risky in environments where file operations are sensitive or audited.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: In scheduled-task mode, the skill automatically continues tracking the previous topic without an explicit consent or visibility mechanism. This can cause unintended data reuse, monitoring of stale or sensitive topics, and actions taken on behalf of the user that they did not actively authorize for the current run.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal