Catl Wiki

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended for Feishu wiki maintenance, but it describes shared project-wiki write procedures without clear confirmation or authorization guardrails.

Install only if the users who invoke it are authorized to edit the CATL Feishu wiki. Before any write, require the agent to show the exact page/changelog changes, confirm the target workspace and module, and obtain explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill provides concrete write and update procedures for a shared CATL Feishu wiki, including mandatory changelog edits, but does not require explicit user confirmation, authorization checks, or a warning that actions modify shared project records. In an agent setting, this creates a real risk of unintended or unauthorized changes to production knowledge-base content, especially because the wiki is shared across all agents and appears to contain client and project documentation.

VirusTotal

64/64 vendors flagged this skill as clean.
