AI Market Research

Security checks across malware telemetry and agentic risk

Overview

This market-research skill is not malicious, but it needs review because it can persist research outputs and advertises external delivery without clear user controls.

Install only if you are comfortable with research topics, generated findings, and source metadata being written locally and potentially saved to agentmemory. Do not enable channel/WeChat delivery or scheduled runs until you confirm the recipient, retention policy, and whether the current version is using simulated data or real integrations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding
The README presents crawl4ai and trendradar as integrated, working capabilities, while the roadmap later states real MCP calls are not yet implemented. This mismatch can cause operators to trust outputs, deployment assumptions, and data provenance that do not actually exist, which is a security-relevant integrity issue for an automation skill that may drive downstream actions.

Intent-Code Divergence

Severity: Low
Confidence: 88%
Finding
The documentation states reports are saved by default and shows concrete output artifacts, while the roadmap suggests the current version is still a simulated orchestration framework. This can mislead users about persistence, auditability, and where sensitive research data is stored, creating confusion that may affect handling of potentially confidential inputs.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The README describes default report storage and configurable auto-push to a channel without warning about data retention, sensitive content exposure, or access control. In a market-research skill that may process proprietary topics, URLs, and historical comparisons, silent persistence or distribution can leak sensitive business information to disk or messaging channels.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The requirements explicitly request persistent memory read/write and report file generation capabilities, but do not warn users that collected market-research data may be retained across sessions or written to disk. In a skill that gathers external web content and may process sensitive competitive or business information, silent retention increases the risk of unintended data persistence, over-collection, and later disclosure.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The configuration supports automatic pushing of generated reports to an external channel without any warning that outputs may be transmitted outside the local environment. Because this skill aggregates web intelligence and may include proprietary prompts, analysis, or retained memory context, silent auto-exfiltration to a messaging channel materially raises confidentiality and data-leak risk.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill states that research results are automatically saved to agentmemory/vector storage, but it does not present this as a user-facing warning or consent-sensitive behavior. Automatic persistence can store confidential research topics, source content, and derived insights beyond the current session, creating privacy, retention, and unintended reuse risks.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill performs external collection via crawl4ai and trendradar across websites and third-party platforms, yet it does not clearly warn users that prompts, URLs, topics, and collected content may be transmitted to outside services. This can expose sensitive investigation targets or business intent to external systems and may also create compliance issues depending on the data being gathered.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill can push generated reports through a WeChat delivery channel, but it does not clearly warn that outputs may be sent to an external messaging target. If enabled unintentionally, sensitive market research, competitive analysis, or source material could be disclosed to the wrong recipient or leave the controlled environment.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding
The environment-variable section lists an API key and WeChat target identifier without explaining how these secrets and identifiers are stored, used, or protected. While not direct secret leakage, this omission increases the chance of mishandling credentials or misconfiguring outbound destinations, which can lead to unauthorized access or data disclosure.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The skill writes generated reports to a fixed local path without user confirmation or an explicit disclosure at execution time. In this context, reports may contain user-supplied topics, crawled content, and historical-memory-derived information, so automatic persistence can create unintended local data retention and privacy exposure on a shared or sensitive workstation.
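Several of the findings above describe one gap from different angles: reports persisted to a fixed local path, auto-push to a channel or WeChat target, and an API key supplied by environment variable, with none of it gated by an explicit operator decision or a check of whether the run used simulated data. The following is an added example, not code from the skill or from SkillSpector, of a pre-flight gate an operator could run before allowing a research run to persist or deliver output. The config keys (auto_push, api_key, wechat_target, report_dir, data_mode) and environment variable names (RESEARCH_API_KEY, WECHAT_TARGET) are hypothetical stand-ins for the settings the findings mention, and both sample configurations are constructed.

```python
"""Pre-flight gate for a research skill's persistence and outbound delivery.

Added example; not the skill's own code. Config keys and env names below are
hypothetical stand-ins for the settings described in the scan findings.
"""
from dataclasses import dataclass, field
from pathlib import Path


@dataclass(frozen=True)
class DeliveryPolicy:
    """Operator-set policy; nothing here is read from the skill's own config."""
    external_delivery_enabled: bool   # outbound push must be opted into explicitly
    allowed_targets: frozenset        # recipients confirmed out of band
    approved_report_root: Path        # the only directory reports may be written to


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def redact(secret: str) -> str:
    """Never echo a credential into logs or findings; keep only its length."""
    return f"<redacted, {len(secret)} chars>" if secret else "<unset>"


def evaluate(config: dict, env: dict, policy: DeliveryPolicy) -> Decision:
    """Decide whether a run may persist reports and push them externally."""
    reasons = []

    # 1. Secrets belong in the environment, never in the skill's config file.
    if "api_key" in config:
        reasons.append(f"api_key embedded in config ({redact(config['api_key'])}); "
                       "supply it via RESEARCH_API_KEY instead")

    # 2. Reports must land under the directory the operator approved; resolve()
    #    collapses '..' so a traversing path cannot escape the root unnoticed.
    report_dir = Path(config.get("report_dir", "./reports")).resolve()
    root = policy.approved_report_root.resolve()
    if not report_dir.is_relative_to(root):
        reasons.append(f"report_dir {report_dir} is outside approved root {root}")

    # 3. Outbound delivery is a separate, explicit decision with a known recipient.
    if config.get("auto_push", False):
        if not policy.external_delivery_enabled:
            reasons.append("auto_push requested but operator has not enabled external delivery")
        target = env.get("WECHAT_TARGET") or config.get("wechat_target")
        if target not in policy.allowed_targets:
            reasons.append(f"delivery target {target!r} is not on the recipient allowlist")
        if not env.get("RESEARCH_API_KEY"):
            reasons.append("RESEARCH_API_KEY is unset; refusing to deliver without a managed credential")
        # 4. Until the operator confirms real integrations, treat output as simulated
        #    (hypothetical data_mode key; conservative default) and never push it.
        if config.get("data_mode", "simulated") != "real":
            reasons.append("data_mode is not 'real'; refusing to deliver simulated output")

    return Decision(allowed=not reasons, reasons=reasons)


# Constructed sample inputs (not taken from the skill).
POLICY = DeliveryPolicy(
    external_delivery_enabled=True,
    allowed_targets=frozenset({"market-research-team"}),
    approved_report_root=Path("/srv/research-reports"),
)
GOOD_CONFIG = {"auto_push": True, "report_dir": "/srv/research-reports/ai-market", "data_mode": "real"}
GOOD_ENV = {"RESEARCH_API_KEY": "example-key-not-real", "WECHAT_TARGET": "market-research-team"}

# An unreviewed default: secret in the file, unconfirmed target, output path
# that escapes the approved directory, and no statement that data is real.
BAD_CONFIG = {
    "auto_push": True,
    "api_key": "sk-live-example-0000",
    "wechat_target": "unknown-group-42",
    "report_dir": "/srv/research-reports/../../tmp/shared",
}

if __name__ == "__main__":
    for name, cfg, env in (("reviewed", GOOD_CONFIG, GOOD_ENV), ("default", BAD_CONFIG, {})):
        decision = evaluate(cfg, env, POLICY)
        print(f"{name}: {'allowed' if decision.allowed else 'blocked'}")
        for reason in decision.reasons:
            print("  -", reason)
```

Run as a script it prints one line per configuration and the reasons a run was blocked; the embedded key never appears in those reasons. Wiring such a gate in front of the skill turns the silent defaults the findings object to (auto-push, fixed output path, environment-supplied secret) into decisions the operator has to make once, with the recipient and report directory recorded where they can be audited.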

VirusTotal

None of 65 vendors flagged this skill as malicious. A clean VirusTotal result only means the packaged files matched no known malware signatures; it says nothing about the persistence and delivery behaviour described in the findings above, which is why the skill still needs review before the channel/WeChat delivery is enabled.
