Security audit

科技新闻日报

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a tech-news reporting workflow, but it is set up to write reports and publish them to fixed Feishu destinations without clear per-run user confirmation.

Install only if you intend this skill to create local files, create or write Feishu documents, and send reports through Feishu. Before use, replace the hard-coded Feishu IDs, require a preview, and confirm the exact document location and chat recipient before any send.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill hard-codes delivery of the generated report to a specific Feishu group ID, which creates an unconditional outbound data flow to a fixed recipient not clearly scoped by the user's current request. Even if the content is 'just news', automatic exfiltration to a predetermined chat can leak user activity, generated content, internal notes, or accidentally included sensitive data without fresh consent.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger definition includes vague language such as 'or similar expressions', which can cause unintended activation of a skill that performs file writes and external publishing actions. Ambiguous invocation increases the chance that ordinary conversation is interpreted as authorization for side-effectful behavior.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill description advertises automatic local file creation and Feishu publication but does not clearly warn the user that invoking the skill causes persistent writes and outbound sharing. Missing disclosure is dangerous because users may expect a read-only summary while the skill silently stores and transmits generated content.

Missing User Warnings

High

Confidence: 98% confidence
Finding: This section mandates automatic outbound messaging to a fixed Feishu group without an explicit user warning or per-run approval. That creates a direct risk of unauthorized disclosure because the skill may broadcast generated content, links, or embedded sensitive text to a group chat the user did not intend to target.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The reference explicitly documents remote Feishu document creation and write actions, including concrete folder and owner identifiers, but provides no warning, confirmation requirement, or authorization guidance before modifying external content. In this skill’s context, the capability is operational rather than purely illustrative, so an agent using this reference could create or overwrite documents in a user knowledge base or send content to the wrong destination without informed user consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.