Back to skill

Security audit

Weekend Self Check

Security checks across malware telemetry and agentic risk

Overview

This skill is a scheduled system self-check that sends operational details to Feishu, but its default sending path is hardcoded and not sufficiently scoped for a general install.

Review and edit the hardcoded workspace, Feishu account, and receive_id before installing. Use --dry-run or --no-send first, and only enable real sending if the Feishu app credentials are least-privilege and the report contents are acceptable to share with that destination.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly states it will generate a full self-check report and send it to Feishu, but it does not clearly warn that the report may contain sensitive operational data such as system state, cron status, memory/task listings, error records, and health information. This creates a real risk of unintended data exfiltration to an external messaging platform, especially during routine or automated execution.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The verification section includes a command that performs a real send, but labels it only as 'use caution' instead of clearly warning that it will transmit collected system information externally. A user following validation steps may trigger unintended disclosure during testing or troubleshooting.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script reads Feishu app credentials from a local config file and automatically uses them to obtain an access token, then later sends operational data externally. This creates undisclosed credential use and outbound data transfer behavior that may surprise operators and can expose sensitive environment information if the script is run in a trusted automation context.

External Transmission

Medium
Category
Data Exfiltration
Content
config = json.load(f)
        acc = config["channels"]["feishu"]["accounts"][account]
        url = "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal"
        r = requests.post(
            url, json={"app_id": acc["appId"], "app_secret": acc["appSecret"]},
            timeout=10
        )
Confidence
90% confidence
Finding
requests.post( url, json=

External Transmission

Medium
Category
Data Exfiltration
Content
url = "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    try:
        r = requests.post(url, headers=headers, json=msg_payload, timeout=timeout)
        data = r.json()
        if data.get("code") == 0:
            return True
Confidence
91% confidence
Finding
requests.post(url, headers=headers, json=

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.