ai-morning-brief

Security checks across malware telemetry and agentic risk

Overview

This AI brief skill mostly matches its purpose, but it needs Review because it disables HTTPS verification and enables unattended external delivery without clear recipient control.

Review before installing. Remove the global TLS verification bypass, remove or justify the unused GITHUB_TOKEN access, make push delivery explicit opt-in, replace the hard-coded DingTalk destination with a user-configured target, and only add the cron job if recurring external delivery is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The cron payload embeds a shell command (`cd ... && bash scripts/generate.sh`) inside a system event message, creating an execution path from scheduled content to command execution. In a skill that only needs to generate a daily brief, this is dangerous because it relies on free-form text carrying executable semantics, which can enable command injection, unintended execution, or abuse if the scheduler/agent interprets payload text as commands.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The installation guide presents the skill primarily as a briefing generator, but immediately documents automatic push delivery and mentions Feishu authorization-dependent sending. That mismatch can cause users to enable outbound messaging behavior without fully understanding that generated content will be transmitted to an external service, increasing the risk of unintended data disclosure or unexpected automation.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The documented cron workflow schedules automatic push notifications to an external platform even though the stated purpose focuses on generating a report. Undisclosed outbound transmission expands the skill's effective privileges and can result in exfiltration of generated or source-derived content to external recipients on a recurring basis.

Intent-Code Divergence

Low
Confidence
78% confidence
Finding
Describing the main script as performing 'generation + validation + push' contradicts the narrower stated purpose of only generating a daily briefing. While not inherently malicious, bundling push into the primary workflow reduces transparency and makes it easier for users to trigger external delivery unintentionally.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill reads GITHUB_TOKEN even though the script's functionality is daily news aggregation from RSS, Tavily, and arXiv, and the token is never used. Accessing an unrelated credential unnecessarily expands the secret exposure surface: future code changes, debug logging, exception traces, or accidental outbound use could leak a high-value token without any user benefit.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide advertises scheduled automatic push behavior without a clear warning that content will be sent externally via Feishu. In a skill whose headline purpose is report generation, omitting that warning undermines informed consent and can lead to silent recurring outbound communication.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation instructs users to generate voice output using Azure/edge-tts but does not clearly disclose that report text may be sent to an external speech service for processing. If the report contains sensitive summaries, links, or internal notes, this creates a third-party data exposure risk users may not anticipate.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly documents automatic push behavior and sending audio files as message attachments, but it does not mention consent, destination disclosure, approval gates, or safeguards for outbound transmission. In a skill that aggregates content and generates attachments, this can lead to unintended data exfiltration, surprise network actions, or privacy/compliance issues if users or operators do not realize content will be sent externally on a schedule.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code globally disables TLS hostname verification and certificate validation for outbound HTTPS requests. This allows a man-in-the-middle attacker to intercept or tamper with RSS feeds, article content, and Tavily API traffic, potentially altering generated reports or capturing API credentials sent over supposedly secure channels.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger set includes very generic phrases such as "生成简报" and "ai daily", which can collide with ordinary user requests and invoke the skill unexpectedly. Because this skill performs external fetching and file generation, accidental activation can cause unintended network activity and content generation beyond what the user meant to request.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill documentation recommends automated scheduled execution and daily file generation but does not clearly warn users that it will run unattended, access external sources, and write output over time. This omission can lead to users enabling recurring behavior without understanding persistence, network usage, or storage implications.

Session Persistence

Medium
Category
Rogue Agent
Content
### 3. Configure the scheduled task (optional)
```bash
# Edit the crontab
crontab -e

# Add the following line (automatic push every day at 08:12)
12 8 * * * python3 /root/.openclaw/workspace/scripts/ai_morning_report_push.py >> /root/.openclaw/workspace/logs/ai_morning_report.log 2>&1
```
Confidence
87% confidence
Finding
crontab -e

Session Persistence

Medium
Category
Rogue Agent
Content
### Q3: How do I change the push time?
Edit the crontab:
```bash
crontab -e
# Change the time in this line
12 8 * * * python3 /root/.openclaw/workspace/scripts/ai_morning_report_push.py
```
Confidence
83% confidence
Finding
crontab -e

VirusTotal

66/66 vendors flagged this skill as clean.
