Security audit

ccf-events

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does CCF event lookup, but it also includes under-declared recurring automation and local setup behavior users should review before installing.

Install only if you are comfortable with a CCF information skill that may use browser automation helpers and includes instructions for persistent reminder jobs. Review any cron task before approving it, avoid the --config helper unless you accept possible .env changes, and consider narrowing or disabling broad auto-triggers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The manifest describes an on-demand information query skill, but the body adds persistent scheduled-job creation for reminders and recurring monitoring. This is a privilege/scope expansion because it enables ongoing actions beyond the user's immediate request, potentially causing repeated data access or unwanted notifications without sufficiently explicit capability boundaries.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The documented cron creation, update, enable/disable, and removal flows introduce lifecycle management capabilities that are materially broader than simple event lookup. If an agent follows these instructions, it could create persistent background behaviors that users did not expect from a query skill, increasing the risk of overreach and abuse.

Vague Triggers

Medium
Confidence: 85%
Finding
Several regex triggers are broad, conversational phrases like '有什么活动' or '查询.*会议', which can match ordinary chat and cause unintended auto-activation. Over-broad triggering can route unrelated user input into this skill, causing unnecessary external requests and accidental disclosure of user interests to third-party sites.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.