Back to skill

Security audit

Tech Weekly Briefing

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed tech-news briefing skill that fetches public RSS feeds and writes local report files, with some accuracy and setup-scope issues but no evidence of credential theft, hidden exfiltration, or destructive behavior.

Install only if you are comfortable with the skill fetching public news feeds, writing local article/report files, and optionally adding cron jobs or blogwatcher feed entries. Review the setup and cron steps before running them, and treat generated briefings as convenience summaries because the bundled data shows attribution and topic-filtering errors.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill explicitly documents use of curl/subprocess to bypass a 403 restriction for The Information feed. Using shell-based retrieval to evade publisher access controls increases legal and security risk, and introduces command execution pathways that are broader than necessary for simple RSS fetching.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The dataset appears to violate the skill’s stated trust boundary and quality claims: entries attributed to The Verge are labeled with blog "The Information," and the feed includes clearly non-tech or low-signal items such as entertainment, shopping deals, and lifestyle content. In a briefing skill that promises curated reporting from exactly six major tech sources with low-quality filtering, this mismatch can mislead downstream summarization, source-verification logic, and user trust, producing inaccurate or manipulated briefings.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documented force-refresh flow includes a direct rm command against a file path without safety checks, existence checks, or warnings. Even if the path is specific, destructive commands in skill instructions can cause accidental data loss or normalize unsafe shell behavior for users and agents.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.