AlphaPai Comment Scraping

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for AlphaPai scraping and summaries, but it needs review because it can reuse sensitive login sessions, store authenticated content locally, and send derived content to external services with limited consent gates.

Install only if you are comfortable giving this skill access to your AlphaPai account/session and keeping scraped AlphaPai content on disk. Prefer a dedicated AlphaPai token or site-specific cookies over your full Chrome profile, keep Feishu disabled unless you intend to transmit summaries, review whether AI summaries may send content to an external model, and periodically delete storage-state, cookie backup, raw, index, report, and runtime files when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
script = (
            f'display notification "{message}" with title "{title}" sound name "Glass"'
        )
        subprocess.run(["osascript", "-e", script], check=False, capture_output=True, text=True)
    except Exception:
        pass
Confidence
94% confidence
Finding
subprocess.run(["osascript", "-e", script], check=False, capture_output=True, text=True)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The setup script persistently edits the user's shell startup file to add or replace an alias, which changes the user's environment beyond the immediate installation step. While not inherently malicious, this is a persistence mechanism and is broader than strictly necessary for a scraper setup, especially because it happens automatically and survives future shells.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README states that generated summaries can be automatically sent to a Feishu webhook, but it does not warn users that scraped content and derived summaries may contain sensitive or proprietary information that will leave the local host. In a scraping/archive skill, silent or default off-host transmission materially increases data leakage risk, especially if users assume processing stays local.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation guidance is broad enough that the skill may be selected whenever a user mentions AlphaPai scraping, historical querying, local archival, or Feishu delivery, without clear exclusions or consent gates. In this context, over-broad triggering is risky because using the skill can automatically reuse local authentication material and persist scraped data locally, causing unintended credential use or data collection.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description and usage guidance mention automatic login, token/cookie/account-password reuse, and local archival, but they do not prominently warn that sensitive local credentials may be consumed and that scraped content will be stored on disk by default. This is dangerous because users may invoke the skill expecting simple retrieval, while it actually accesses authentication artifacts and creates a local corpus that may contain proprietary or sensitive data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The Feishu section states that summaries are automatically sent when enabled and a webhook is configured, but it does not clearly warn that scraped or derived content leaves the local environment and is transmitted to an external service. Given this skill handles scraped commentary and generated summaries, this can lead to unintentional disclosure of sensitive, proprietary, or licensed content.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill enables implicit invocation without any visible trigger constraints, which can cause the agent to activate this capability in broader contexts than the user intended. Because this skill performs login, scraping, indexing, and optional outbound messaging, ambiguous activation increases the risk of unintended access to sensitive data, unprompted external actions, or privacy-impacting automation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script reads raw scraped content and includes it in a prompt that is sent to an external AI subprocess, but there is no visible disclosure, consent flow, or data-classification check in this code path. If the raw data contains proprietary, personal, or regulated information, this can cause unintended exfiltration to a third-party model or service via the local CLI wrapper.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The scraper can save browser storage state to disk after authentication, which may include session cookies and other bearer-style credentials. Anyone with filesystem access to that file could replay the authenticated session and access the user’s account without needing the original password.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The scraper writes raw scraped authenticated content and detailed execution metadata to disk, including titles, bodies, timestamps, source strategy, and debug logs. In this skill context, the content comes from an authenticated source and may contain proprietary or sensitive information, so local persistence increases the risk of unintended disclosure through shared machines, backups, logs, or later exfiltration by other software.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script writes to the user's shell rc file without prior confirmation, which removes informed consent for a persistent system change. This is dangerous because shell startup files are executed automatically in future sessions, so silent modification can be abused to establish persistence or alter command behavior in ways the user does not expect.

VirusTotal

66/66 vendors flagged this skill as clean.
