Security audit

Team Weekly Report Assistant (团队周报助手) / Team Weekly

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local team reporting skill that stores and changes team/work-log data on disk, with no evidence of hidden network access, credential theft, or behavior outside its stated purpose.

Install only if you are comfortable storing team names, roles, projects, work descriptions, hours, and performance-related summaries as local JSON files. Set TW_DATA_DIR to a protected location, review generated reports before sharing, and confirm add/remove/delete actions carefully because local records can be changed or removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill instructs the agent to read environment variables and to persistently read/write local data, but it does not declare these capabilities or warn users up front. This creates a trust and consent gap: users may invoke reporting features without realizing team/member/work-log data will be stored on disk and subscription state will be read from the environment.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The public description says the skill generates team weekly/monthly reports, but the body also defines broader stateful operations including team creation, member deletion, persistent log storage, analytics, and subscription enforcement. This mismatch can cause users or reviewers to underestimate the skill's ability to modify data and handle sensitive employee activity records.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: Using broad triggers such as 'or similar intent' makes activation boundaries unclear, increasing the chance the agent performs team initialization on loosely related user input. Because initialization leads to persistent storage and later administrative actions, unintended invocation can create or overwrite team state without sufficiently explicit consent.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: Member-management actions are activated by vague phrasing, which is risky because these operations can add or remove persistent records about personnel. Ambiguous invocation increases the chance of unauthorized or accidental administrative changes from conversational context that was not meant as a command.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The work-log flow treats broad descriptions of completed work as activation signals, so ordinary conversation may be transformed into persisted employee records. Because logs can affect reports and performance analysis, accidental capture of informal remarks or partial information is a meaningful integrity and privacy risk.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill omits a clear warning that team/member/work-log operations persist data to local storage. Silent persistence of employee names, roles, projects, work logs, and inferred analytics creates privacy and retention risk, especially because the default path is local and likely long-lived.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: Member removal is a destructive operation, yet the documented flow does not require a warning, preview, or confirmation. A mistaken or ambiguous invocation could permanently alter team records and distort later logs, reports, and analytics tied to that member.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The README explicitly states that team work logs and reports are stored locally as JSON, but it does not warn that this includes potentially sensitive employee activity data such as names, hours worked, project assignments, and performance-related information. In a workplace context, silent persistence of personnel data increases privacy, insider access, and accidental disclosure risk, especially if the default directory is broadly readable, synced, or backed up without user awareness.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.