Securities Regulatory Monitoring (证券监管监控)

Security checks across malware telemetry and agentic risk

Overview

The skill has a plausible public-page monitoring purpose, but it delegates core work to pre-existing root-level scripts and a persistent cron setup that are outside the reviewed package.

Install or run this only in an environment where you control and have reviewed the existing /root/monitoring/securities system. Before use, inspect the underlying crawler and notification scripts, confirm the cron entry is wanted, verify the XCrawl API key handling, check what is written to /tmp and /var/log, and confirm the Enterprise WeChat recipient before sending any notifications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill explicitly instructs users to run scripts under /root, writes notification and diff artifacts into /tmp, and may send updates via enterprise messaging, but it does not clearly warn the user about privileged file writes, temporary-file handling, or external data transmission. This is dangerous because users may trigger actions with side effects on a privileged host or unintentionally exfiltrate monitored content to third-party messaging systems without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.