Back to skill

Security audit

私域早晚安Reporter

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple community report-writing template; its web news lookup is expected, though users should be mindful of what search terms they provide.

Before installing, use this skill only with inputs you are comfortable using for web/news lookup. For sensitive communities, avoid private group identifiers or confidential brand context, or require approved sources and manual/offline news input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly states it will 'automatically fetch' current hot-topic news from the internet, but it does not clearly disclose what external services are contacted, what user inputs may be transmitted, or what data-handling/privacy implications exist. In a skill that may process community positioning, custom keywords, brand names, or group-related context, this creates a real transparency and potential data-exposure issue even if no obviously sensitive data is requested.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.