Back to skill

Security audit

China News

Security checks across malware telemetry and agentic risk

Overview

This is a normal news-gathering skill that fetches public Chinese news sources and saves a local report, with no evidence of hidden credential use or harmful behavior.

Install this if you are comfortable with the agent making outbound requests to listed public news sites and writing a dated news report file in the current workspace. In restricted environments, review or disable network access and delete generated reports when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Low
Confidence
74% confidence
Finding
The workflow writes a report file into the workspace without prominently disclosing that side effect. Unannounced local file creation can violate user expectations, create persistence in shared workspaces, and may expose fetched content to other tools or later sessions.

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The security note says 'Local processing only,' but the code makes outbound HTTP requests to multiple remote RSS endpoints. This is dangerous because it misrepresents the network trust boundary, potentially causing users to invoke the skill in environments where external access, logging, or data transfer is restricted.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The skill warns about internet access but omits that it also saves a report file locally. In security-sensitive environments, undisclosed persistence matters because it can leave artifacts containing fetched content and timestamps, affecting privacy, workspace hygiene, and downstream tool exposure.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.