Security audit

Blackswan Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it embeds an email credential and automatically sends reports to a fixed mailbox, so it should be reviewed before installation.

Install only after removing the built-in SMTP credential, rotating that exposed mail auth code, and changing email settings to user-provided secure configuration. Confirm exactly where reports are sent, whether Feishu is enabled, and whether scheduled runs are acceptable for your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file contains a hard-coded SMTP authentication secret and immediately uses it for outbound email login. Embedding live credentials in source code is dangerous because anyone who can read the file, logs, backups, or repository history can reuse the account for unauthorized email sending, account takeover abuse, or further phishing/social-engineering activity.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script hard-codes an SMTP auth credential directly in source code, which exposes a reusable secret to anyone with file, repository, log, or artifact access. Once leaked, the credential can be abused to send mail as the configured account, access related mail functionality, or enable broader account compromise depending on provider settings.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill states that reports are sent by email and Feishu but does not clearly warn that generated reports and possibly operational metadata will be transmitted to external services. In a monitoring/reporting skill, outbound transmission is expected, but failing to make it explicit undermines informed consent and can lead to unintended disclosure to third-party platforms.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script writes persistent history to disk and sends outbound email automatically, but there is no explicit user-facing disclosure, consent gate, or configuration toggle controlling these side effects. In an agent/skill context, undisclosed external transmission and local persistence can expose market data, strategy outputs, or account metadata in ways the operator did not expect.

Missing User Warnings

High
Confidence
98% confidence
Finding
The code not only stores hard-coded email credentials but also uses them for automatic outbound authentication without any warning to the user. In a hosted or shared environment, this can enable covert or unexpected data exfiltration through email and makes the embedded account immediately reusable by anyone who gains code access.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill uses embedded email credentials to authenticate and transmit reports externally without any user-visible consent or secure secret handling. This creates both a credential exposure risk and an outbound data-transfer capability that could be repurposed or abused if the code or environment is compromised.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script automatically transmits generated market analysis over SMTP to an external mail server without any explicit user-facing consent, warning, or configurable approval gate at send time. In this skill context, the content includes potentially sensitive trading signals and account-adjacent analytics, so silent outbound delivery can leak operationally sensitive information or violate user expectations and organizational controls.

VirusTotal

67/67 vendors flagged this skill as clean.
