Security audit

日用品保质期管理 (Daily Necessities Shelf-Life Management)

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it can create Feishu resources, transfer ownership, and start recurring reminder messages automatically from broad trigger phrases.

Review before installing. Use this only if you are comfortable with the agent creating and managing a Feishu Bitable, transferring ownership to your Feishu user, storing table and cron identifiers locally, and running a daily reminder job that may message your expiration data through Feishu. Prefer a version that asks for setup confirmation and offers a simple way to disable reminders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The skill schedules proactive reminder behavior that sends shelf-life status information via Feishu outside the immediate user-initiated CRUD flow described in the manifest. This expands data handling and messaging scope, and because it runs on a cron schedule using context-derived user identity, it can surprise users and disclose personal inventory information without an explicit opt-in at setup time.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding:
Automatically transferring ownership of the created Feishu bitable is a permission-changing action beyond simple data storage and may have security and governance implications. Even if intended to improve usability, changing ownership without explicit confirmation can affect access control, auditability, and user expectations around resource management.

Vague Triggers

Severity: High
Confidence: 95%
Finding:
The trigger set is overly broad, including generic phrases like mentioning only '保质期' and short everyday commands such as '加个xxx' or '删除xxx'. In context, accidental activation is particularly risky because the skill can auto-initialize remote resources, write local config, and schedule recurring jobs, turning casual conversation into state-changing side effects.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The query/action examples are ambiguously scoped, with phrases like '看一下' or '列表' that could reasonably appear in unrelated conversations. Because the skill also supports listing potentially sensitive household inventory and expiration status, ambiguous activation can cause unintended data retrieval or disclosure in the wrong context.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The skill performs automatic initialization before the user's first relevant action, including creating Feishu resources, editing a local config file, and later scheduling recurring reminders, all without an explicit pre-action warning or consent step. This is dangerous because a simple trigger can cause external side effects and persistent state changes the user did not knowingly authorize.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The scheduled reminder transmits item status data through Feishu, but the skill description does not clearly warn that inventory and expiration information will be proactively messaged on a schedule. That omission matters because household product data may be private, and scheduled outbound messaging creates an additional disclosure channel beyond ordinary interactive use.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.