Back to skill

Security audit

Web-to-FIM | 网页内容转 Markdown/飞书/IMA

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises: convert user-supplied web pages or files into Markdown and save them locally or to chosen cloud note services.

Use this only for URLs and files you are comfortable converting and, if cloud destinations are enabled, uploading to Feishu or Tencent IMA. For private material, run local-only with the documented flags such as --no-feishu and --no-ima, and use least-privilege, revocable API credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The security statement claims file writes occur only when explicitly requested, but the documented default workflow saves content to Obsidian automatically. This mismatch can mislead users about when writes happen and may cause unintended persistence of sensitive fetched or local content.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger condition activates on essentially any user-provided URL or local file request to convert or store content, making invocation overly broad. That increases the chance the skill runs in contexts the user did not intend, potentially causing network fetches, local file processing, or cloud uploads on ambiguous prompts.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The description promotes one-click conversion and saving to Feishu or IMA without a clear warning that local files and fetched webpage contents may be uploaded to third-party cloud services. Users may reasonably assume conversion is local-only, leading to accidental disclosure of sensitive documents or private page contents.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The create_note path sends user-provided note content plus API credentials to Tencent's cloud, but the code does not provide any explicit disclosure, confirmation, or consent boundary at the point of transmission. In a skill whose purpose is to convert arbitrary web pages and local files into notes, this increases privacy and data-handling risk because users may unintentionally upload sensitive local or scraped content to a third-party service.

Missing User Warnings

Low
Confidence
79% confidence
Finding
Tweet content fetched from a remote source is written to a temporary JSON file on disk, which can expose sensitive or regulated data to other local processes, backups, or forensic recovery if the host is shared or compromised. Although the file is later deleted, deletion is not guaranteed on crash and does not fully eliminate residual data risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill accepts arbitrary URLs and local files, then sends them to MarkItDown for conversion, which may trigger remote fetching and third-party processing of user-supplied content without any explicit warning, consent, or trust boundary checks. In a document-conversion skill, this increases privacy and data-handling risk because users may provide internal URLs, private files, or sensitive documents expecting only local transformation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/ima-setup.md:24