Health Check

Security checks across malware telemetry and agentic risk

Overview

This skill performs a disclosed daily health check and sends the report to Feishu; users should choose the recipient carefully because reports may include operational details.

Before installing, replace the Feishu placeholder with the intended group or user, enable cron only if daily automatic reports are wanted, and ensure checked logs do not expose secrets, private incident details, or sensitive infrastructure information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly requires sending generated health-check reports via Feishu, but it does not warn that the report may include sensitive operational details such as system status, disk and memory usage, and recent log-derived errors. Transmitting this externally can leak internal infrastructure information or sensitive log contents to unintended recipients, especially since the destination is a placeholder ID and no data minimization or approval step is specified.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal