
Security audit

科技新闻日报 (Tech News Daily)

Security checks across malware telemetry and agentic risk

Overview

This news-reporting skill is mostly coherent, but it automatically creates Feishu documents and sends full reports to a fixed Feishu group with no per-run user control over the destination.

Install it only if you recognize, and intend to use, the Feishu group and document workspace it names. Before running it, verify the chat ID, the folder or space tokens, and the owner settings, and require manual confirmation before any report is posted externally.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%

Finding
The documentation materially expands behavior beyond the core reporting workflow by introducing checkpoint-file state management and direct Feishu group delivery. This increases data handling and exfiltration surface: generated content and execution state are written locally, then automatically pushed to an external group, creating persistence and unintended disclosure risks not clearly bounded by the original workflow.

Context-Inappropriate Capability

Severity: High
Confidence: 98%

Finding
The skill hardcodes a specific Feishu group ID and requires sending the full report there, regardless of user intent at runtime. Hardcoded outbound destinations are a strong exfiltration indicator because they bypass user choice and can silently disclose collected content to an unintended third-party chat.

Vague Triggers

Severity: Medium
Confidence: 84%

Finding
The trigger phrase includes broad catch-all wording like 'or similar expressions', making activation ambiguous and increasing the chance the skill runs when the user did not intend it. Because this skill performs side effects such as file writes and external messaging, overbroad triggering materially raises the risk of unauthorized actions.

Missing User Warnings

Severity: High
Confidence: 97%

Finding
The skill description states it will automatically write local files, create Feishu documents, and send reports externally without any user-facing warning or consent flow. Side-effectful actions without explicit consent can cause unintended data persistence and sharing, especially when the generated report may include links, summaries, or user-influenced content.

Missing User Warnings

Severity: High
Confidence: 98%

Finding
The workflow mandates sending the report to a specific Feishu group and frames it as a required completion step. Mandatory external transmission is dangerous because it converts a content-generation task into an automatic data-sharing action, creating a clear path for unauthorized disclosure.
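The overview asks the installer to verify the chat ID and token settings and to gate every external post behind manual confirmation, and the findings above name the indicators to look for: a hardcoded destination, a send step framed as mandatory, and catch-all trigger wording. The following is an added example written for this review, not code from the skill, from SkillSpector, or from the audit page. It scans a constructed SKILL.md for those three indicators and puts an allowlist-plus-confirmation gate in front of any outbound post. The assumption that Feishu group chat IDs take the form `oc_` followed by hex digits, the sample manifest text, and all function and class names are this example's own.

```python
"""Pre-install review of an agent skill manifest (added example).

Not code from the skill, SkillSpector, or the audit page.  It checks the
indicators the findings describe and puts a per-run gate in front of any
outbound post.  Assumption (not from the page): Feishu group chat IDs look
like `oc_` followed by hex digits.
"""
import re

# Constructed sample in the shape the findings describe; not the real skill.
SAMPLE_SKILL_MD = """\
# Tech news daily
Trigger: "今日科技新闻", "tech news today", or similar expressions
Steps:
1. Collect headlines and write the run state to ./checkpoints/state.json
2. Create a Feishu document in the configured folder
3. Send the full report to Feishu group oc_0123456789abcdef0123456789abcdef (required)
"""

CHAT_ID_RE = re.compile(r"\boc_[0-9a-f]{16,}\b")                 # assumed ID shape
MANDATORY_RE = re.compile(r"\b(required|must|always|mandatory)\b", re.IGNORECASE)
CATCHALL_PATTERNS = [
    r'\bor similar\b[^\n,"]*',          # "or similar expressions"
    r"\banything (?:like|related to)\b",
    r"\betc\b\.?",
    r"等(?:等)?",                        # Chinese "and so on"
]
CATCHALL_RE = re.compile("|".join(CATCHALL_PATTERNS), re.IGNORECASE)


def find_hardcoded_destinations(text):
    """Chat IDs baked into the instructions (Context-Inappropriate Capability)."""
    return list(dict.fromkeys(CHAT_ID_RE.findall(text)))  # dedupe, keep order


def find_mandatory_delivery_lines(text):
    """Lines that name a destination and frame the send as required (Missing User Warnings)."""
    return [line.strip() for line in text.splitlines()
            if CHAT_ID_RE.search(line) and MANDATORY_RE.search(line)]


def find_catchall_triggers(text):
    """Open-ended trigger wording (Vague Triggers), searched only on trigger lines."""
    hits = []
    for line in text.splitlines():
        if line.lower().startswith("trigger"):
            hits.extend(m.group(0).strip() for m in CATCHALL_RE.finditer(line))
    return hits


def review_skill(text):
    """Summarize the indicators; any hit means a human looks at the skill before install."""
    report = {
        "hardcoded_destinations": find_hardcoded_destinations(text),
        "mandatory_delivery_lines": find_mandatory_delivery_lines(text),
        "catchall_triggers": find_catchall_triggers(text),
    }
    report["verdict"] = ("needs manual review" if any(report.values())
                         else "no indicators found")
    return report


class DeliveryGate:
    """Per-run control in front of any outbound post: allowlist, then explicit confirmation."""

    def __init__(self, allowed_chat_ids, confirm, sender):
        self.allowed = frozenset(allowed_chat_ids)
        self.confirm = confirm    # callable(chat_id, preview) -> bool; asks the human
        self.sender = sender      # callable(chat_id, text); performs the real post
        self.sent = []

    def deliver(self, chat_id, report):
        if chat_id not in self.allowed:
            return f"blocked: {chat_id} is not an allowlisted destination"
        if not self.confirm(chat_id, report[:200]):
            return "blocked: user declined delivery"
        self.sender(chat_id, report)
        self.sent.append(chat_id)
        return f"sent to {chat_id}"


if __name__ == "__main__":
    summary = review_skill(SAMPLE_SKILL_MD)
    for key, value in summary.items():
        print(f"{key}: {value}")
    gate = DeliveryGate(
        allowed_chat_ids=["oc_fedcba9876543210fedcba9876543210"],  # constructed allowlist entry
        confirm=lambda chat_id, preview: input(f"Post to {chat_id}? [y/N] ").lower() == "y",
        sender=lambda chat_id, text: print(f"(would post {len(text)} chars to {chat_id})"),
    )
    for dest in summary["hardcoded_destinations"]:
        print(gate.deliver(dest, "constructed report body"))
```

Run against the constructed manifest, the review reports the hardcoded group, the "(required)" send step, and the "or similar expressions" trigger, and the gate refuses to post to the hardcoded group because it is not on the allowlist; even an allowlisted destination still needs a yes from the operator on each run.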

VirusTotal

66/66 engines returned no detection. Antivirus verdicts cover the file contents, not the behavior the instruction text directs an agent to perform, so a clean result does not offset the SkillSpector findings above.


Static analysis

No suspicious patterns detected.