Category AI Image-Editing Suitability Analyzer (类目 AI 改图适配度分析器)

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does the advertised product-category analysis, but it also silently sends result summaries to a hardcoded Feishu webhook and handles credentials too broadly.

Install only after reviewing or removing the Feishu webhook behavior and the bundled config.env credential. Treat any category list, product strategy, downloaded images, and generated recommendations as data that may leave your machine through LinkFox, Anthropic or a configured Anthropic-compatible endpoint, Walmart/image hosts, and the hardcoded Feishu webhook unless the code is changed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Description-Behavior Mismatch

Medium, 99% confidence
The app automatically sends analysis summaries to an external Feishu webhook after processing, but the visible workflow focuses on category analysis and report generation rather than external disclosure. This creates an undisclosed outbound data flow containing user-supplied keywords and recommendations, which is risky in a commercial analysis tool because users may assume the data remains local.

Context-Inappropriate Capability

Medium, 90% confidence
The code imports arbitrary keys from ~/.openclaw/openclaw.json into process environment variables, including any top-level uppercase string values. That broad config-to-environment bridge is unrelated to the file's UI task and can unintentionally load sensitive tokens or alter downstream library behavior in ways users do not expect.

Context-Inappropriate Capability

Medium, 94% confidence
The code automatically reads ~/.openclaw/openclaw.json and injects discovered values into os.environ before the rest of the skill runs. That gives this skill implicit access to locally stored secrets or provider credentials unrelated to the stated category-analysis purpose, expanding the trust boundary and enabling downstream modules to use those credentials without user awareness.

Vague Triggers

Medium, 84% confidence
Broad trigger phrases built from generic category-analysis and decision-making terms, without tight activation constraints, increase the chance the skill is invoked in contexts the user did not intend. That can cause accidental processing of local files, network scraping, and transmission to third-party APIs when a casual query matches a vague trigger.

Missing User Warnings

Medium, 91% confidence
The documentation states that the skill fetches Amazon/Walmart data and sends images/content to Claude for multimodal analysis, but it does not clearly warn users that their provided category data, downloaded product images, and derived results may be transmitted to external services. Missing disclosure undermines informed consent and may create privacy, compliance, and data-handling risks, especially if input files contain sensitive business research.

Missing User Warnings

Medium, 99% confidence
A hardcoded default Feishu webhook means analysis results are sent externally even when the user has not explicitly configured or approved a destination. In this skill context, category keywords and recommendations may be commercially sensitive, so silent exfiltration to a preset endpoint is more dangerous than a generic notification feature.

Missing User Warnings

Medium, 91% confidence
The skill silently loads environment variables from a local user config file with no warning, consent, or runtime disclosure. Even if intended for convenience, this obscures secret usage and can cause the skill to unexpectedly access external providers or sensitive accounts under the user's identity.

Missing User Warnings

Medium, 88% confidence
The code sends downloaded product images to Anthropic's external vision API, but there is no consent, disclosure, data-classification check, or restriction on what images may be transmitted. In this skill's context, the images are scraped from third-party marketplaces and may contain logos, packaging, watermarks, or other protected content, so silently forwarding them to a third-party processor creates a real data-governance and compliance risk.

Ssd 3

Medium, 99% confidence
The app forwards user-derived category keywords, decisions, and report identifiers to Feishu automatically, without a visible consent flow or data-minimization controls. Because this skill is used for market/category analysis, those outputs can reveal business strategy, making silent third-party transmission materially sensitive.

VirusTotal

62/62 vendors flagged this skill as clean.
