Security audit

Ai Cv Weekly

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AI report generator with optional delivery features, but users should treat generated reports and external delivery settings carefully.

Install only if you are comfortable with an AI report tool contacting public data sources and a configured LLM provider. Do not put secrets, private portfolio details, or confidential business data in hints unless the LLM and delivery endpoints are approved. Keep email/webhook delivery disabled until recipients and webhook URLs are trusted, and be cautious opening or forwarding generated HTML reports until the renderer sanitizes untrusted content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding: The template renders `section.content` with Jinja's `safe` filter, which disables HTML escaping and trusts the value as already sanitized. If any part of `section.content` can be influenced by users, external feeds, LLM output, or other untrusted sources, this creates a straightforward stored or reflected XSS path in the generated report.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The README advertises automatic email, webhook, and scheduled push delivery of generated reports but does not clearly warn users that report contents may be transmitted to external destinations automatically. In a report-generation skill that may aggregate sensitive market, business, or user-provided content, this omission increases the risk of unintended data exfiltration or surprise outbound actions once delivery is configured.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The quick-start section includes commands for email sending and cron-based automatic generation without any adjacent caution about outbound network transmission or unattended execution. Users may copy-paste these examples and enable automatic delivery before understanding that generated content can be sent externally on a schedule.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The skill explicitly supports sending generated report content via email and webhooks, which causes data to leave the local/OpenClaw environment, but the description provides no user-facing warning or consent language about external transmission. This is dangerous because reports may contain sensitive prompts, market analysis, proprietary summaries, or integrated source content that users do not realize will be forwarded to third-party endpoints.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The configuration/output section documents SMTP, custom HTTP POST webhooks, and environment-based API connectivity without warning that these features create outbound network paths that can expose generated content or metadata. In a pluggable skill that auto-routes, schedules jobs, and supports multi-channel push, omission of privacy and integrity warnings increases the chance that users enable external delivery without understanding the security boundary.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The webhook sender posts report content to an arbitrary configured URL without any built-in validation, allowlisting, or user-facing disclosure that potentially sensitive report data will leave the system. In an agent/skill context, this can lead to unintended exfiltration of report contents to third-party endpoints if the URL is misconfigured, attacker-controlled, or supplied from untrusted input.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding: The code queries the arXiv API over plain HTTP, which allows a network attacker to observe or tamper with responses in transit. Because the returned XML is parsed and converted into application content, a man-in-the-middle could inject misleading paper metadata, links, or content and poison downstream consumers of this source.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The code falls back to LLM-based intent classification and sends the raw user hint to an external model without any visible consent flow, warning, or CLI disclosure. Because hints may contain sensitive financial interests, portfolio details, or personal data, this creates a real privacy and data-handling risk even though it is not direct code execution.

Ssd 3

Severity: Medium
Confidence: 95%
Finding: User-controlled hint text is inserted directly into the prompt as first-class instructions, so a crafted hint can compete with or override the editor's intended behavior. In an LLM pipeline, this creates prompt-injection risk: the model may follow attacker-supplied meta-instructions, reproduce hidden prompt content, or alter output format and policy handling.

Ssd 3

Severity: Medium
Confidence: 97%
Finding: Raw news text is embedded directly into the prompt without instruction/data separation, allowing adversarial content inside articles to steer model behavior. If a source item contains hidden or explicit instructions like 'ignore previous directions' or requests to reveal system prompts, the model may treat them as actionable, causing output manipulation or disclosure of internal prompt content.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content (excerpt from the webhook sender; the snippet is truncated as reported):
    try:
        payload = self._build_payload(subject, text_content, html_path)
        resp = requests.post(
            self.url,
            json=payload,
            headers={"Content-Type": "application/json"},
Confidence: 91%
Finding: requests.post(self.url, json=

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.