Back to skill

Security audit

Web To Feishu

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: convert user-selected URLs or files to Markdown and optionally save them to Feishu or Tencent ima cloud notes.

Install only if you are comfortable sending selected converted content to Feishu or Tencent ima when using those save options. Use least-privilege API credentials, keep them in environment variables or a secret manager, review the external x-tweet-fetcher helper separately, and pin dependency versions before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger is extremely broad: any user request involving a URL or local file conversion may activate the skill. In context, this is risky because the skill can process arbitrary local files and transmit converted content externally, so accidental invocation could cause sensitive data to be read or uploaded without sufficiently specific user intent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The description emphasizes convenience but does not clearly disclose that provided URLs/files and the resulting content may be sent to external fetch/conversion components and cloud destinations like Feishu and ima. In this skill’s context, that omission is more dangerous because it handles arbitrary web content and local files, which may include confidential information users do not expect to leave the local environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This client transmits user-provided note content and note metadata to Tencent's remote API, but the code offers no explicit consent prompt, warning, or data-classification check before sending potentially sensitive material off-device. In the context of a skill that converts arbitrary web pages and local files into cloud notes, this increases the chance of unintentionally uploading confidential documents or private content to a third-party service.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
python-dotenv
Confidence
95% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
python-dotenv
Confidence
93% confidence
Finding
python-dotenv

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
80% confidence
Finding
python-dotenv

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/ima-setup.md:24