Back to skill

Security audit

Macro News Signal

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed market-news analysis skill whose network fetching fits its purpose, with a hardening gap around unrestricted URL fetching that users should handle carefully.

Install only if outbound requests to the listed financial-news and market-data providers are acceptable in your environment. Do not pass internal, localhost, metadata-service, or private URLs to scripts/format.py, and avoid putting confidential trading strategy, proprietary research terms, or secrets into fetch requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to execute shell commands directly with curl and python3, including passing a URL argument into a script. In an agent environment, command execution increases attack surface for command abuse, unsafe argument handling, environment leakage, and bypass of higher-level safety controls that would normally govern network access.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script accepts an arbitrary URL from the command line and performs outbound requests without any allowlist, scheme restriction, or destination validation. In an agent or automation environment, this can enable SSRF-like behavior, access to internal services, or exfiltration via attacker-controlled endpoints, which is broader than the stated formatting role justifies.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The README explicitly describes automated news fetching and includes HTTP request examples, but it does not clearly disclose that using the skill will generate outbound requests to third-party news sources and expose request metadata such as IP address, headers, locale, and user agent. In an agent ecosystem, this omission can mislead users about data exposure and network behavior, creating a transparency and privacy risk even if the requests themselves are expected for the skill's purpose.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The sample request hard-codes the Accept-Language header to zh-CN without indicating that this should be user-configurable. This can force a locale preference that may not match the user's intent, potentially causing unwanted disclosure of regional/language preference and biased content retrieval, though the security impact is limited in this context.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The code sends a network request to a user-supplied destination without any explicit disclosure, confirmation, or logging of outbound transmission. In a skill context, this increases risk because users may not realize arbitrary external endpoints are contacted, which can facilitate covert data transfer or unsafe network access patterns.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.