Beijing Signed Price Tracker
Security checks across malware telemetry and agentic risk
Overview
The tracker does what it says, but it ships with a real-looking Feishu app secret and default Feishu sheet/message destination that could be used as-is.
Review before installing. Replace or remove the bundled Feishu configuration, use your own app ID, app secret, spreadsheet, and recipient, and rotate the exposed Feishu secret if it belongs to you. Test on a non-critical or copied sheet because sync can append rows, rewrite sorted ranges, and send Feishu messages.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this skill as clean.