Automation Workflow Plus - (自动化工作流助手)

Security checks across malware telemetry and agentic risk

Overview

This is mostly an automation guide, but it gives under-scoped advice about passwords, saved login cookies, and internal financial data workflows.

Install only if you treat it as general automation advice, not a secure implementation recipe. Do not paste real passwords into prompts or task descriptions, avoid saved-cookie automation for production accounts unless explicitly approved, and use least-privilege accounts, OAuth or managed secret stores, test data, and secure log/file handling for any business or finance workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger description includes very broad everyday phrases like '提效', '节省时间', 'automation', and 'workflow', making unintended invocation likely in ordinary conversation. Over-broad activation can cause the skill to engage in contexts the user did not intend, increasing the chance of inappropriate guidance around automation, data handling, or credential-related workflows.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The example workflow encourages users to input account credentials, export internal financial data, read local spreadsheets, and generate reports without prominent safety guidance about secret handling, least privilege, storage, or data classification. In a skill centered on automation, this materially raises the risk that users will expose real credentials or sensitive business data to unsafe tooling or logs.

Ssd 3

Medium

Confidence: 94% confidence
Finding: The skill promotes preserving login state via cookies for later automated reuse, which normalizes persistence and replay of authenticated session material. If those cookies are stored insecurely, reused beyond intended scope, or accessed by other processes, they can enable account takeover or unauthorized access without re-authentication.

Ssd 3

High

Confidence: 98% confidence
Finding: This walkthrough explicitly tells users to automate login to an internal system using real account credentials and process internal reconciliation data, creating a clear path for mishandling privileged access and sensitive financial records. In the context of an automation skill, users may copy secrets directly into prompts or scripts, exposing them to logs, screenshots, local files, or third-party tooling.

VirusTotal

No VirusTotal findings

View on VirusTotal