Security audit

morning-radar

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises: search Baidu for configured news topics and send a formatted briefing to a configured Feishu recipient.

Install only if you are comfortable sending your configured topics to Baidu and sending the generated briefing to Feishu. Prefer environment variables or protected secret storage, avoid committing config.json, use a least-privilege Feishu app, verify the recipient Open ID, and remove the cron job when you no longer want automatic daily delivery.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Intent-Code Divergence

Low

Confidence: 95% confidence
Finding: The documentation claims the skill does not collect or store any user data, yet it explicitly instructs users to place API credentials and recipient identifiers in a local config file. This is a misleading privacy statement that can cause users to underestimate the sensitivity and persistence of stored secrets, increasing the chance of insecure handling or accidental disclosure.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill is documented as automatically pushing collected briefings to Feishu, but it does not clearly warn that user-defined queries, fetched results, summaries, and related content will be transmitted to an external third-party service. This lack of disclosure can lead users to send sensitive or proprietary topics off-platform without informed consent.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The privacy statement says the skill does not collect or store user data, but the documentation elsewhere shows that data is sent to Baidu APIs for search and to Feishu for delivery. This contradiction is dangerous because it obscures the actual data flows and may cause users to expose confidential interests, search terms, or generated reports to third parties unintentionally.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The manifest explicitly describes collecting information and pushing it to Feishu, but it does not clearly warn users that gathered content will be transmitted to an external messaging platform. In a scheduled automation context, this creates a real transparency and data-handling risk because operators may enable it without fully understanding that queried results and generated summaries leave the local environment.

Missing User Warnings

Low

Confidence: 79% confidence
Finding: The manifest requires multiple sensitive credentials, including API keys and an app secret, but provides no warning or handling guidance for those secrets. This is a legitimate security weakness because users may store secrets insecurely in configs, logs, or shared environments, increasing the chance of credential exposure even if the manifest itself does not leak them.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal