Gnview Kit

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent Douyin-to-Feishu analysis purpose, but it can download videos and write records/documents into Feishu without clear confirmation, rollback, or scoping controls.

Install only if you intend the agent to write Douyin analysis into a specific Feishu workspace. Review and trust the related skills first, use least-privilege Feishu access, keep API keys in environment/secret storage, set a constrained download path, and require an explicit preview and confirmation before any download, batch write, or cloud document creation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill describes downloading Douyin videos, writing records into Feishu Bitable, and linking cloud documents, but it does not clearly warn users that these actions create local files and modify external systems. This can lead to unintended data changes, storage of potentially sensitive content, and accidental execution in contexts where the operator expected read-only analysis.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal