Security audit

risk-sentiment-scanner

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate public risk-scanning skill, but its executable helper can produce low-risk reports without fetching any news evidence.

Install only if you will treat outputs as draft research and verify the sources yourself. Do not rely on the included Node helper for real credit or compliance decisions unless it is fixed to require fetched evidence; review any watchlist before scheduled scans, and confirm Feishu sharing destinations before publishing reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High (98% confidence)
The skill advertises automated public-opinion and regulatory scanning, but this code performs analysis on an empty news set for every company. That produces authoritative-looking risk reports with fabricated low-risk outputs, which can mislead users into making credit or compliance decisions based on nonexistent evidence.

Description-Behavior Mismatch

Medium (86% confidence)
When no explicit company list is provided, the script silently falls back to a local watchlist file and scans entities the user did not supply. In a risk-analysis context, this can expose sensitive internal monitoring targets and cause unintended processing or disclosure of organizations under surveillance.

Intent-Code Divergence

High (99% confidence)
The code explicitly acknowledges that real web search and content extraction are required, yet immediately returns placeholder analysis with no fetched data. This is dangerous because it creates a false impression that current external sentiment and regulatory information was assessed, undermining trust and potentially driving harmful business decisions.

Vague Triggers

Medium (84% confidence)
The scheduled re-check trigger is underspecified and does not define who enabled it, what scope it uses, or what user confirmation is required at run time. That ambiguity is risky because the skill can autonomously process stored watchlists and potentially emit or store sensitive business assessments without a fresh, explicit request.

Vague Triggers

Medium (84% confidence)
The scheduled re-check trigger is underspecified and does not define who enabled it, what scope it uses, or what user confirmation is required at run time. That ambiguity is risky because the skill can autonomously process stored watchlists and potentially emit or store sensitive business assessments without a fresh, explicit request.

Missing User Warnings

Medium (92% confidence)
Pushing reports to Feishu introduces third-party data transfer, but the skill does not explicitly disclose that generated assessments may leave the current environment. This can expose users to confidentiality, compliance, or organizational policy issues if company risk evaluations are shared externally without clear consent.

Missing User Warnings

Medium (92% confidence)
Pushing reports to Feishu introduces third-party data transfer, but the skill does not explicitly disclose that generated assessments may leave the current environment. This can expose users to confidentiality, compliance, or organizational policy issues if company risk evaluations are shared externally without clear consent.

VirusTotal

64/64 vendors flagged this skill as clean.