Daily News Brief

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed daily news-brief automation, but users should review scheduled execution and publishing settings before enabling it.

Install only if you want a Node script that can run every morning, fetch public news sites, and save or publish briefs. Review config.json recipients and outputChannels, avoid administrator setup unless you understand the task being created, and remove any cron/Task Scheduler/systemd entry when you no longer want unattended execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation instructs users to run shell commands such as npm install, node execution, and schtasks creation, yet the skill declares no permissions. This creates a transparency and trust problem: users and enforcement layers may not realize the skill requires command execution and scheduled task creation, which expands the attack surface and can enable unintended system changes.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The stated purpose is a news briefing skill, but the documented behavior includes system-level persistence/setup actions, dependency installation, file writes, and scheduler configuration that go beyond a simple content-generation workflow. This mismatch is dangerous because it can mislead users into authorizing broader execution and persistence than they reasonably expect from the description.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The guide instructs the user to run task-creation scripts and PowerShell as administrator to install persistence via Windows Task Scheduler. For a news-brief skill, persistence may be functionally relevant, but requesting elevation broadens system access beyond the minimal privileges needed and increases the blast radius if the scripts are modified or contain unsafe commands.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly documents outbound publication to Feishu, WeChat, and email plus local archiving/logging, but gives no warning about data leaving the local environment or being retained on disk. In a scheduled news skill, this can lead users to unknowingly transmit generated content, recipient identifiers, or operational metadata to third-party services and persist potentially sensitive outputs in history/log files.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Telling users to run setup scripts as administrator without explaining why or what changes will be made is unsafe operational guidance. Elevated execution can create persistence and modify system state, so lack of warning and transparency makes accidental over-privileged installation more likely.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill advertises automatic publication to Feishu/WeChat and later mentions user reading statistics and feedback collection, but it does not clearly explain what data is collected, where it is sent, how long it is retained, or how consent is obtained. This creates privacy and compliance risk, especially because news content, recipients, and engagement metrics may reveal user interests or organizational communication patterns.

Session Persistence

Medium
Category
Rogue Agent
Content
if [[ "$OSTYPE" == "linux-gnu"* ]] || [[ "$OSTYPE" == "darwin"* ]]; then
        CRON_JOB="0 8 * * * cd $(pwd) && node news-brief.js >> logs/cron.log 2>&1"
        
        # Add to crontab
        (crontab -l 2>/dev/null | grep -v "news-brief.js"; echo "$CRON_JOB") | crontab -
        
        if [ $? -eq 0 ]; then
Confidence
88% confidence
Finding
crontab (crontab -l 2>/

Session Persistence

Medium
Category
Rogue Agent
Content
echo "请手动复制到系统目录:"
    echo "sudo cp daily-news-brief.service $SERVICE_FILE"
    echo "sudo systemctl daemon-reload"
    echo "sudo systemctl enable daily-news-brief.service"
    echo "sudo systemctl start daily-news-brief.service"
fi
Confidence
82% confidence
Finding
systemctl enable

VirusTotal

63/63 vendors flagged this skill as clean.
