Knowledge Card Generator

Security checks across malware telemetry and agentic risk

Overview

The skill mainly does what it says, but its Feishu delivery path uses app credentials and raw messaging APIs without enough scoping or confirmation guidance.

Install only if you are comfortable with the agent using Feishu app credentials to upload and send generated cards. Use least-privileged Feishu credentials, verify the target recipient or group before sending, and avoid sensitive source content if external upload or Google Fonts network requests are not acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill goes beyond local card generation and instructs the agent to obtain Feishu access tokens, upload generated content to Feishu, and send messages through external APIs. That creates an unnecessary external transmission path for user content and introduces credential handling and outbound network behavior that are not essential to the core rendering task.

Context-Inappropriate Capability

Low
Confidence: 85%
Finding
The skill instructs reading another skill's SKILL.md to learn how to send QQ media, which expands scope into cross-skill file access unrelated to concept extraction or rendering. Cross-skill introspection can leak implementation details, create confusing trust boundaries, and normalize broader workspace access than needed.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The generated HTML imports Google Fonts via a remote URL, which causes network access during what is otherwise a local rendering task. This leaks execution metadata such as IP/network environment, creates a dependency on third-party availability, and expands the skill's capability surface beyond what users would reasonably expect from offline card generation.

Missing User Warnings

Medium
Confidence: 96%
Finding
The Feishu workflow instructs using app credentials and externally uploading images/messages without an explicit user-facing warning or consent step. This can silently exfiltrate user-provided content and encourages insecure credential usage inside skill logic.

VirusTotal

66/66 vendors flagged this skill as clean.
