Astock Daily

Security checks across malware telemetry and agentic risk

Overview

The skill’s stock-email purpose is coherent, but it handles mail credentials and system configuration in ways users should review carefully before installing or running it.

Install only after reviewing and changing the hardcoded recipient, replacing any exposed SMTP password, and deciding whether scheduled outbound email is acceptable. Use a dedicated app password or low-privilege SMTP account, avoid exporting secrets in shell startup files, do not run fix-hosts.sh unless you understand and can undo the /etc/hosts changes, and remove rejectUnauthorized:false before relying on SMTP credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (21)

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The header comment materially understates the script's behavior by describing only a stock configuration wizard while the code also prompts for SMTP usernames and passwords and persists them locally. This mismatch can mislead users and reviewers about the sensitivity of the operation, reducing informed consent and making secret collection/storage easier to overlook.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script offers to append SMTP credentials, including the password, to a shell startup file for global reuse. Persisting secrets in ~/.bashrc or ~/.zshrc exposes them broadly to local processes, shell history/workflows, and accidental disclosure, and this is unnecessary for a stock notification setup.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide instructs users to place a live SMTP password in a local `.env` file and source it at runtime, but provides no warning about protecting the file, excluding it from version control, or using a safer secret-management mechanism. This creates a realistic risk of credential leakage through accidental commits, shared workspaces, shell history, backups, or file disclosure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document instructs the user to append entries to /etc/hosts using sudo, which makes a system-wide privileged configuration change without any warning about elevated privileges, rollback steps, or the risk of overriding future legitimate DNS changes. Even if intended as troubleshooting, modifying hosts can redirect traffic for all applications and can persist beyond the immediate fix, making mistakes or abuse impactful.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The verification step tells the user to source .env and run the Node application without warning that this may load credentials into the shell and trigger real outbound network actions such as SMTP transmission. In a skill context, this can expose secrets in the current shell environment and cause unintended side effects, especially if the application behavior is not fully reviewed first.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The quickstart explicitly instructs the user to place a real SMTP password in a local `.env` file, but provides no warning about protecting that file, avoiding commits, or using app-specific/least-privilege credentials. This can lead to credential disclosure through accidental source control commits, backups, logs, shared machines, or misconfigured file permissions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs the user to edit /etc/hosts with sudo to override DNS for an SMTP server, but it does not warn that this changes system-wide name resolution, can break other applications, and may persist after the troubleshooting session. It also encourages trusting a manually discovered IP address, which can become stale or incorrect and may redirect sensitive email traffic to the wrong host.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README tells users to place SMTP credentials directly into an environment variable, including username and password, without warning that environment variables may be exposed through shell history, process listings, logs, crash reports, or inherited subprocess environments. It also suggests setting TLS rejectUnauthorized to false, which disables certificate validation and makes credential interception and man-in-the-middle attacks more plausible.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation phrases are broad enough to trigger on ordinary finance-related conversation, which can cause the agent to invoke the skill unexpectedly. In this skill, unexpected activation is more concerning because it is tied to stock screening and scheduled email behavior, creating a risk of unsolicited financial recommendations or unintended data delivery.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The description omits that the skill sends stock information by email on a recurring schedule, so users may not understand that activating or configuring it can lead to outbound communications. Hidden external actions are dangerous because they reduce informed consent and can result in unwanted emails, privacy issues, or accidental dissemination of financial information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script writes SMTP credentials, including the password or authorization code, into a local .env file without warning the user about plaintext secret storage. Secrets saved this way can be exposed through local compromise, backups, accidental commits, or permissive file permissions, leading to email account compromise or abuse.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script performs privileged modification of /etc/hosts without prompting for confirmation, taking a backup, or validating that the hard-coded IPs are correct and current. Because /etc/hosts overrides DNS resolution system-wide, an incorrect or stale entry can redirect SMTP traffic, break mail delivery, or create an opportunity for traffic interception if users trust and run the script as-is.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The code builds shell commands and an AppleScript command line using untrusted subject, recipient, and HTML content without robust escaping or argument separation. An attacker controlling these fields could break out of the quoted context and trigger shell or AppleScript injection, causing arbitrary command execution or unauthorized email sending from the host.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script installs a cron entry that executes `source .env` and rewrites the user's crontab using `crontab -` with only limited safeguards. This is risky because shell-sourcing `.env` treats the file as executable shell syntax rather than simple key/value data, so a modified `.env` can run arbitrary commands every weekday, and the crontab update flow can unintentionally duplicate or clobber entries if the current crontab changes between read and write.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script writes SMTP credentials in plaintext to .env and may also duplicate them into shell startup files without prominently warning the user. Plaintext credential storage significantly increases the chance of compromise through local file access, backups, accidental commits, or later exfiltration by other software.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script performs a real email send as part of a test flow without strong prior warning or explicit user confirmation. In an agent or automation context, this can cause unintended outbound communications, trigger mail policies, create audit noise, or be abused to send messages using embedded credentials without clear operator intent.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
echo "⚠️  /etc/hosts 中已有 smtp.qiye.aliyun.com 记录"
else
    echo "添加 hosts 记录..."
    sudo sh -c 'echo "47.246.165.89 smtp.qiye.aliyun.com" >> /etc/hosts'
    echo "✅ 已添加 smtp.qiye.aliyun.com"
fi
Confidence
93% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
echo "⚠️  /etc/hosts 中已有 smtp.mxhichina.com 记录"
else
    echo "添加 hosts 记录..."
    sudo sh -c 'echo "47.246.165.89 smtp.mxhichina.com" >> /etc/hosts'
    echo "✅ 已添加 smtp.mxhichina.com"
fi
Confidence
93% confidence
Finding
sudo

Credential Access

High
Category
Privilege Escalation
Content
echo ""
echo "⚙️  正在保存配置..."

# Save to the .env file
cat > .env << EOF
SMTP_CONFIG='$SMTP_CONFIG'
EOF
Confidence
96% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
echo "⚙️  正在保存配置..."

# Save to the .env file
cat > .env << EOF
SMTP_CONFIG='$SMTP_CONFIG'
EOF
Confidence
96% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
SMTP_CONFIG='$SMTP_CONFIG'
EOF

echo "✅ 配置已保存到 .env 文件"

# Add to the shell configuration file
SHELL_RC=""
Confidence
95% confidence
Finding
.env

VirusTotal

66/66 vendors flagged this skill as clean.
