Security audit

AI Industry News Expert and Xiaohongshu Content Creation

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AI-news content generator, but it needs review because it automatically opens generated web-derived HTML and documents unsafe shell-command patterns.

Review before installing or running. Use trusted or sanitized news data, avoid the documented shell-interpolation examples, and disable or remove automatic browser/file-manager opening if possible. Treat demo output as synthetic test content, not verified current news.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The script invokes OS-level application launchers via execSync to open the generated directory, introducing local side effects beyond simple content generation. Even though the path is internally derived, automatically spawning local applications increases attack surface and can surprise users or be abused in automation contexts where any unsolicited local execution is undesirable.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The script automatically opens the generated HTML file in the user's default browser using execSync, which is an unnecessary execution side effect for a content-generation utility. Because the HTML embeds untrusted news fields directly into markup without escaping, opening it immediately can turn content injection into active script execution in the browser.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The example uses execSync with a shell command built by interpolating JSON.stringify(newsData) directly into a quoted command string. If any search-derived field contains shell metacharacters or quote-breaking content, an attacker controlling article titles, snippets, or URLs could trigger command injection when the example is copied into a real integration flow.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding:
The script performs multiple file writes and then opens generated content in local applications without asking for user confirmation. In agentic or automated environments, this can create unwanted side effects, disrupt workflows, and amplify other issues such as malicious HTML/content injection by causing immediate rendering of attacker-controlled content.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Severity: Critical
Code: suspicious.dangerous_exec
Location: scripts/create-xiaohongshu-content.js:510

Shell command execution detected (child_process).

Severity: Critical
Code: suspicious.dangerous_exec
Location: scripts/run-full-flow.js:102