Security audit

Daily Inspiration

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed twice-daily Feishu inspiration/news push, with web search and scheduled messaging matching its stated purpose.

Before installing, confirm the Feishu recipient/channel and twice-daily schedule are intentional, preferably test in a low-risk channel, and keep a clear way to pause or remove the scheduled task if the messages become unwanted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill is designed to auto-run on a schedule and send outbound Feishu messages without any explicit user consent, opt-in, or warning in the skill content. Automatic messaging can create privacy, spam, and trust risks, especially if recipients did not knowingly authorize recurring notifications or if the destination is misconfigured.

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The skill uses web search to obtain content but does not disclose that external network requests will occur or that search terms/context may be transmitted to third parties. While the searched topics are not inherently sensitive here, undisclosed outbound requests still create transparency and privacy concerns and may expose usage patterns or personalized query context.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal