Security audit

WeChat Official Account Content Summary (微信公众号内容总结)

Security checks across malware telemetry and agentic risk

Overview

This skill fetches a user-provided WeChat article and converts it to Markdown for summarization. Its disclosed cleanup behavior is scoped to the generated file.

Use trusted WeChat article links, ask the agent to keep the Markdown if you need an audit copy, and be aware that using the fallback install pulls current versions of Python dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill mandates deletion of generated Markdown files after processing without requiring user confirmation or warning about possible data loss. In an agent setting, this can destroy user-requested output or artifacts needed for auditing, reproducibility, or later review.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.