Security audit

每日简报生成器 (Daily Briefing Generator)

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple manual Tavily-based briefing generator, but its documentation overstates unimplemented RSS and scheduled team-push features.

Install only if you need manual Tavily-based briefing generation. Use a scoped Tavily API key, avoid confidential search topics unless sending them to Tavily is acceptable, and do not rely on the advertised RSS or scheduled team-push features until those files and credential handling are provided and reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill advertises broader capabilities than are apparently implemented, including RSS/web aggregation and scheduled team push, while actually performing a narrower and different set of actions such as local file output. This mismatch can mislead users about what data is collected, where content is sent, and what operational behavior to expect, undermining informed consent and safe deployment.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The markdown promotes scheduled delivery to enterprise messaging platforms without warning that generated briefing content may be transmitted to external organizational channels. If users include sensitive or internal-source material in the briefing pipeline, this could cause unintended data disclosure through automated outbound delivery.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.