Security audit

Intel Briefing

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate news briefing skill, but it needs review because it mixes manual and scheduled operation, reads and writes memory, persists report files, and can stage output for QQ delivery.

Install only if you are comfortable with the skill reading and updating daily notes/memory to deduplicate briefings, writing persistent HTML reports, and optionally staging files for QQ delivery. Do not configure the cron tasks unless you explicitly want automatic briefings at the documented times, and review the generated report before sharing it externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The skill metadata says it is manually triggered, but this document explicitly instructs operators to configure unattended cron-based execution via system events. That mismatch can cause the skill to run outside user intent and trust boundaries, especially because it performs multi-source collection and file output on a schedule.

Intent-Code Divergence

Severity: Medium
Confidence: 83%
Finding
The instruction to automatically continue execution after interruption conflicts with the skill's stated manual-trigger model and can cause the agent to keep performing network fetches, searches, file writes, and channel actions without renewed user confirmation. In contexts with quotas, sensitive outputs, or external integrations, this creates a real risk of unintended autonomous behavior and excess data handling.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The listed manual trigger phrases are short, common terms such as '早报', '午报', '晚报', and 'daily briefing', which can plausibly occur in ordinary conversation. This raises the risk of accidental invocation, causing unintended data gathering and report generation without a deliberate user request.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The document specifies writing generated HTML reports to a local filesystem path but does not mention user notice, consent, retention, or overwrite behavior. Silent file creation can expose sensitive collected content to other local users/processes and may surprise operators who believe the skill is ephemeral.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger phrases are broad everyday terms like '早报', '晚报', and '生成简报', which can cause accidental activation in unrelated conversations. Because the skill performs multi-source collection, memory reads/writes, HTML generation, and possible outbound file delivery, unintended invocation can lead to unnecessary data processing and action execution.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.