Naver Blog Publisher
Security checks across malware telemetry and agentic risk
Overview
This skill is purpose-aligned for publishing to Naver Blog, but installation delegates persistent local publishing authority to an external runner that is not included for review.
Install only if you trust the publisher and the external @y80163442/naver-thin-runner package. Before setup, verify how to stop and uninstall the service, confirm the daemon is local-only and authenticated, avoid broad admin API keys where possible, and run dry_run plus a final account/content check before publish_live.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.