Security audit

jqzx-news-push

Security checks across malware telemetry and agentic risk

Overview

The skill does what it advertises, but it handles service credentials and a recurring scheduled job in ways users should review before installing.

Install only if you want automated Feishu messages and Get note creation. Do not run the raw echo commands for credentials; use presence-only or masked checks. Before enabling cron, verify the exact script path, target recipient, log location, and how to remove the job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill instructs use of shell capabilities such as reading environment variables and editing cron, but it does not declare those capabilities up front. This creates a transparency and consent gap: users and the hosting platform may not realize the skill can inspect local secrets or persist scheduled execution.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The document tells the agent to echo full secret-bearing environment variables back to the chat. That exposes tokens and API keys unnecessarily, increasing the risk of credential disclosure through logs, transcripts, screenshots, or downstream model/tool access.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill states that it will automatically send content to Feishu and save it to Get notes, but it does not clearly disclose the privacy implications, retention, or what data is transferred to third parties. This can lead to unintended data sharing and weak user consent, especially if news content or metadata is personalized.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill says it can 'help configure' a daily task and provides cron instructions, but it does not clearly warn that this modifies the user's persistent scheduler configuration. Silent or insufficiently explained persistence is risky because it creates ongoing automated execution beyond the current session.

Session Persistence

Medium
Category
Rogue Agent
Content
1. Create the scheduled task:
```bash
crontab -e
```

Add:
Confidence
91% confidence
Finding
crontab -e

VirusTotal

56/56 vendors flagged this skill as clean.
