韭研公社 Daily Market Movement Brief

Security checks across malware telemetry and agentic risk

Overview

This market-brief skill is understandable in purpose, but it embeds live-looking IMA and QQ delivery credentials that could send generated reports to fixed external accounts.

Review before installing. Replace the embedded IMA and QQ values with credentials and destinations you control, treat the exposed API key as compromised, and disable scheduled or automatic send behavior until the skill requires clear confirmation for any external save or message.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill includes hard-coded IMA API credentials and instructions to use them for remote note import, which exposes reusable secrets directly in the skill content. Anyone with access to the skill can reuse those credentials to send data to the external service, impersonate the configured integration, and exfiltrate generated or arbitrary content beyond the market-analysis function.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The configuration block exposes reusable third-party identifiers and secrets for both IMA and QQ delivery, enabling unauthorized access to external publishing channels. This materially increases risk because the skill is not just documenting formats; it provides operational credentials and targets that can be abused for data exfiltration, spam, or account misuse.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrases include broad, everyday market questions such as '今天市场怎么样' and '当前热门板块有哪些', which can cause the skill to auto-activate in situations where the user did not explicitly request this specific data source or workflow. In an agent environment, overbroad activation can unintentionally navigate to external sites and produce authoritative-seeming financial analysis, increasing the risk of unintended actions and misleading outputs.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger phrases are broad and overlap with ordinary market-chat queries, making unintended invocation likely. In this skill, accidental activation is more dangerous than normal because invocation can lead not only to scraping but also to downstream saving and external transmission actions using embedded credentials.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill describes saving output to IMA and sending via QQ without clearly disclosing that generated content and related identifiers may be transmitted to third-party services. This lack of transparent notice and consent is risky because users may expect local analysis only, while the skill can perform external data transfer using preconfigured channels.

VirusTotal

No VirusTotal findings