Security audit

Agentic Payment Daily

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it is hardcoded to save business reports locally and automatically send PDFs to a fixed WeChat account on a schedule.

Install only if you are the intended operator and you want reports saved to the listed Obsidian vault and sent to the listed WeChat account. Before scheduling it, replace the path and recipient/account values, manually verify delivery, add approval or dry-run controls, and consider hardening the PDF conversion script to avoid shell interpolation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill explicitly writes generated content to a local Obsidian vault and sends a PDF to a fixed WeChat recipient, but it provides no consent checkpoint, data-classification guidance, or warning that information will leave the local environment. Because the report concerns internal Visa strategy, partnerships, and regulatory monitoring, the external delivery step creates a real risk of unintended disclosure or misdelivery of sensitive business information.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The cron prompt enables unattended operation, automatic retries, and repeated WeChat delivery to a hard-coded recipient without any human review or failure-boundary controls. In context, that increases the chance that incorrect, stale, over-broad, or sensitive content is repeatedly transmitted externally, and retries can amplify the blast radius if the destination or content is wrong.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code: suspicious.dangerous_exec
Location: scripts/convert-ap-report.mjs:147