Security audit

竞品数据定时监控

Security checks across malware telemetry and agentic risk

Overview

This skill behaves like a disclosed competitor-monitoring tool, though users should treat its screenshots, alerts, webhooks, and installer as privacy-sensitive.

Install and run this only where scraping the configured sites is allowed, preferably inside a virtual environment or container. Review every monitored URL and notification destination, protect webhook and email credentials, and disable screenshot_on_alert for pages that may show private account or business data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill advertises external notifications via email, WeChat, DingTalk, and Feishu, but does not prominently warn that monitored data, anomaly summaries, and possibly URLs or screenshots may be sent to third-party services. This can lead to unintentional data disclosure outside the local environment or organization.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill includes automatic screenshot capture and storage of monitored pages, but does not surface this as a prominent privacy/storage warning. Screenshots can contain account state, business-sensitive content, identifiers, or other data not obvious from the extracted metrics alone, increasing retention and exposure risk.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The installer immediately runs package installation and downloads a browser runtime without explicit user confirmation, which changes the host environment and may trigger network access, disk usage, and dependency installation the user did not intend. In a skill installer, silent environment modification is risky because it expands the trust boundary and can surprise users or be abused if the package sources or environment are compromised.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: When alerts fire, the code sends alert contents and an optional screenshot to NotificationManager without any consent gate, minimization, redaction, or explicit disclosure in this component. In a monitoring skill, screenshots and scraped page data may contain sensitive business information, account state, or personal data from monitored pages, so automatic outbound transmission increases data leakage risk.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.