Security audit

Dify 8D分析助手

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for Dify-based 8D analysis, but it under-discloses external data sharing and uses a risky local shell-script handoff.

Install only if you trust the Dify endpoint and the local dify_router.sh script. Treat user prompts, reports, and open_id as data that may leave the local environment, and avoid using the skill on confidential reports until the publisher documents the data flow and hardens the shell invocation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly forwards the user's full message and the user's open_id to an external Dify-backed service, but it provides no privacy notice, consent step, minimization, or description of how this data is handled. This creates a real privacy and data-governance risk because potentially sensitive user content and a persistent identifier are disclosed to a third party, enabling tracking, retention, or misuse outside the local agent boundary.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.