财经早报 Morning Briefing

Security checks across malware telemetry and agentic risk

Overview

This is a simple finance-news briefing skill with disclosed local archiving and optional WeChat delivery, though users should verify the missing script before running it.

Before using it, confirm the actual Python script because it is referenced but not included in this package. If you add or run a script, review what it writes to the default local folder and only enable the scheduled WeChat push for a channel where finance-news summaries are appropriate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly states it will save a complete local Markdown archive and send a summary to a WeChat channel, but it does not clearly warn about these side effects, data destinations, or what content may leave the local environment. This can cause unintended disclosure of aggregated news content, generated summaries, file paths, or operator-controlled data to an external messaging channel without informed user consent.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal