Security audit

AI开发者日报 (AI Developer Daily)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to set up ongoing scheduled messages, but the reviewed signal indicates the schedule and destination may be created automatically without clear user confirmation.

Install only if you want scheduled automatic messages and can verify the exact cron destination first. Before setup, require the agent to show the schedule, timezone, channel, recipient, and command it will run, and make sure you know how to list, disable, or remove the cron job afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The Setup workflow instructs the agent to automatically create a persistent cron job targeting the current channel/user without an explicit consent checkpoint. This can lead to unauthorized ongoing messages or notification spam in a private or shared channel, especially because it derives routing from ambient conversation context rather than requiring the user to review and confirm destination details.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.