Autonomous Research Loop

Security checks across malware telemetry and agentic risk

Overview

This skill openly describes an endless background research loop that repeatedly creates Feishu documents without approval, limits, or clear account scoping.

Install only if you intentionally want a persistent autonomous background worker. Before enabling it, require a documented stop/remove process, daily or total run limits, explicit approval before Feishu posting, and least-privilege Feishu credentials tied to a known destination.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly describes an autonomous infinite loop that creates Feishu documents and modifies local state, but it does not warn users about the repeated side effects, persistence, or unbounded execution behavior. In this context, that omission is dangerous because the skill is designed to run every 5 minutes without a daily cap, which can lead to uncontrolled document spam, resource consumption, and silent accumulation of state changes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal