News Brief

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises: generate Chinese news briefs using Serper and DeepSeek, with local config/output and optional scheduling.

Review the Python files before running setup.py, use API keys with spending limits, and keep the skill directory private because .env may contain secrets. Only add the cron entry if you want automatic daily runs, and expect Serper and DeepSeek to receive the news queries, article metadata, and generated summarization prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
        os.environ["SERPER_API_KEY"]   = serper_key
        os.environ["DEEPSEEK_API_KEY"] = deepseek_key
        os.chdir(BASE_DIR)  # make sure the working directory is correct
        os.system(f"python {BASE_DIR / 'run.py'} --preview")


if __name__ == "__main__":
Confidence
86% confidence
Finding
os.system(f"python {BASE_DIR / 'run.py'} --preview")

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation declares environment variables and describes running Python code that reads config files, writes logs, makes network requests, and can be scheduled via shell/cron, yet it does not declare permissions explicitly. This creates a transparency and consent problem: users and platforms may underestimate the skill's access to secrets, filesystem, network, and shell execution, which increases the chance of over-privileged or unexpected behavior.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
A one-time setup script is expected to collect configuration and write files, but this script also executes run.py immediately afterward. That broadens the attack surface because the setup phase now transitions into operational code execution while credentials are present, which is riskier than a pure configurator.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code sends aggregated news titles to DeepSeek for summarization without any disclosure, consent, or configuration gate visible in this file. Even if titles are not highly sensitive in the common case, external transmission of user-selected or workflow-derived content to a third party can violate privacy, policy, or data residency expectations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill sends collected news metadata, including titles, sources, dates, URLs, and category context, to the external DeepSeek API for verification and summarization without any visible disclosure, consent flow, or configurable opt-out. In this news skill context the transmitted data is not highly sensitive by default, but undisclosed third-party transmission still creates a privacy, compliance, and trust risk, especially in enterprise or regulated environments.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends user-supplied API keys to external services for validation but does not clearly warn that entering the key triggers network transmission to those third parties. This is sensitive because setup tools are often trusted, and users may not expect credentials to be sent during validation rather than only during normal product operation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script stores API keys in a plaintext .env file without an explicit warning about local credential persistence, file permissions, or exclusion from version control. This can lead to accidental exposure through backups, repository commits, multi-user systems, or other local processes.

VirusTotal

64/64 vendors flagged this skill as clean.
