Back to skill

Security audit

AI Vulnerability Tracker

Security checks across malware telemetry and agentic risk

Overview

This tracker does what it broadly claims, but it ships with embedded Feishu credentials and writes to a hard-coded Feishu destination that users may not control.

Review before installing or running. Do not use the bundled Feishu configuration as-is; replace the app ID, app secret, wiki token, table ID, and field mappings with your own scoped values, confirm the destination table in code, run it manually before enabling cron, and rotate any exposed Feishu credentials if they are real.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
A description-behavior mismatch is dangerous because users may grant trust based on the stated purpose while the actual implementation performs undisclosed actions such as using hardcoded Feishu credentials and broader scraping/search behavior. In this context, the skill is designed to collect external content and push it to a remote table, so hidden credentials or undisclosed outbound behavior materially increase the risk of unauthorized access, data exfiltration, and misuse of third-party services.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code embeds a Feishu app ID and app secret directly in source, which exposes long-lived credentials to anyone who can read or copy the skill. Because the script automatically uses these secrets to obtain tenant access tokens and write records to Feishu, an attacker could reuse them to access or manipulate the associated Feishu resources beyond the stated search functionality.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The markdown states that the skill accesses external sources and pushes data to Feishu, but it does not clearly warn users that content and metadata will be transmitted outbound. In a skill that aggregates and forwards data on a schedule, lack of explicit disclosure increases the chance of unintentional data transfer, privacy violations, or policy noncompliance.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill silently contains and uses embedded Feishu credentials, so users may run it without realizing they are operating against a specific preconfigured tenant and table. This creates both a secret exposure problem and an undisclosed data-flow risk, since fetched content is automatically pushed to an external Feishu destination under those credentials.

Ssd 3

High
Confidence
95% confidence
Finding
A hardcoded Feishu Wiki Token exposes a live identifier for a connected table and can enable unauthorized access attempts, misuse of the integration target, or easier targeting of the associated workspace. In this skill's context, the token is tied to an external sink for collected data, so embedding it in a distributable skill materially increases the risk of unauthorized disclosure and abuse.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.