Wow Daily News

Security checks across malware telemetry and agentic risk

Overview

This skill implements a daily-report workflow, but it automatically sends generated document links to hard-coded Feishu and WeChat accounts and starts local helper software without clear user control.

Install only if you trust the publisher and the listed Feishu/WeChat targets. Before running it, replace the hard-coded recipients with accounts you control, verify the external helper scripts and Xiaohongshu MCP binary, narrow the trigger phrase, and ensure any background service can be stopped and audited.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
```python
import subprocess

def run_cmd(cmd: str, timeout: int = 30) -> tuple[bool, str]:
    # Runs an arbitrary command string through the system shell (shell=True),
    # so any untrusted content reaching `cmd` is interpreted by the shell.
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)
        return result.returncode == 0, result.stdout + result.stderr
    except Exception as e:
        return False, str(e)
```
Confidence
94% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to execute shell commands, write files, copy images into /tmp, and invoke local scripts and services, yet no permissions are explicitly declared. This creates a confused-deputy risk where users may invoke a seemingly routine news skill without being clearly informed that it can run local code and modify the filesystem.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase list includes very broad terms such as '日报' and '生成日报', which are likely to appear in ordinary conversation. Ambiguous activation can cause the agent to launch a workflow that executes scripts, accesses local files, and sends outbound messages without the user's specific intent to trigger this skill.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger section lacks scope constraints, and nothing requires the user to confirm target recipients or whether pushes should occur. In this skill's context, accidental activation is more dangerous because Step 9 mandates sending a generated document link to fixed Feishu and WeChat recipients.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill collects and republishes third-party forum content and images from NGA, Blizzard/EXWIND, and Xiaohongshu without warning the user about content provenance, copyright/privacy concerns, or republishing behavior. This can expose the operator to compliance, privacy, and trust risks, especially because images and excerpts are embedded into a shared document and redistributed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description does not prominently warn that generated documents and links are automatically pushed to fixed Feishu and WeChat accounts. Because the recipients are hard-coded and Step 9 is mandatory, a user may unknowingly trigger external disclosure of generated content and links to unintended parties.

Session Persistence

Medium
Category
Rogue Agent
Content
````
   - No response → start:
     ```bash
     cd ~/xiaohongshu-mcp && nohup ./xiaohongshu-mcp-linux-amd64 >> mcp.log 2>&1 & sleep 10 && curl -s --connect-timeout 3 http://localhost:18060/mcp
     ```

   **b. Re-run the image-beautification script:**
````
Confidence
93% confidence
Finding
nohup

VirusTotal

66/66 vendors flagged this skill as clean.
