Security audit

AI RecSys Weekly Report

Security checks across malware telemetry and agentic risk

Overview

This skill openly generates AI recommendation-system reports and syncs them to Tencent IMA, but users should handle the IMA API key carefully.

Install only if you intend to sync generated reports to Tencent IMA. Store the IMA Client ID and API key with restrictive file permissions, avoid committing or backing them up, verify the target knowledge-base ID before uploads, and test manually before enabling weekly automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to perform network access and shell/script execution, yet it does not declare permissions or present an explicit trust boundary for those capabilities. This creates a hidden-capability risk: a user invoking a seemingly content-generation skill may unintentionally authorize filesystem access, credential reads, and external uploads.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill is presented primarily as a report-generation workflow, but it also reads locally stored API credentials and uploads files to an external knowledge base via helper scripts. That mismatch is dangerous because users may invoke it expecting summarization, while the skill can perform materially more sensitive actions involving local secrets and outbound data transfer.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The README explicitly advertises automatic synchronization to an external IMA knowledge base and local file creation, but it does not prominently warn users about these side effects at the point of use. In an agent skill context, undisclosed outbound transmission and file writes can surprise users and lead to unintended disclosure of generated content or persistence on disk.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation condition is broad enough that ordinary requests for reports in this topic area may automatically trigger a workflow with network searches and external synchronization behavior. Over-broad triggering increases the chance of unintended execution of sensitive actions, especially when coupled with automatic upload steps.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises automatic synchronization to IMA but does not prominently warn users that this involves reading locally stored credentials and sending content to an external service. This weakens informed consent and creates a real risk of unintended data exfiltration if the generated or selected file contains sensitive content.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# 1. Open https://ima.qq.com/agent-interface to obtain the Client ID and API Key

# 2. Store the credentials
mkdir -p ~/.config/ima
echo "你的Client_ID" > ~/.config/ima/client_id
echo "你的API_Key" > ~/.config/ima/api_key
```
Confidence
94% confidence
Finding
Excerpt from the skill file (truncated by the scanner):

mkdir -p ~/.config/ima
echo "你的Client_ID" > ~/.config/ima/client_id
echo "你的API_Key" > ~/.config/ima/api_key
```
## Usage
### Method 1: Single run (manual trigger)
When the user asks to "generate a search/ads/recommendation weekly report" or "produce a technical report on LLM-based recommendation systems", execute the following steps:
#### Step 1: 信

VirusTotal

58/58 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.