
Security audit

金石知识库

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for DingTalk project archiving, but it should be reviewed because it can automatically read business records and persist generated documents locally with broad triggers and weak containment controls.

Install only if you trust the DingTalk MCP endpoint and the people who can edit the monitored table. Use a least-privileged DingTalk/MCP account, narrow the triggers or require explicit invocation, confirm how scheduled execution is enabled or disabled, and validate output filenames before using this with sensitive project records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (87% confidence)
Finding
The trigger phrases are broad and overlap with normal user conversation, which can cause the skill to activate unintentionally. In this skill's context, accidental activation is more concerning because the skill performs automated archiving and document generation tied to external project-management data.

Missing User Warnings

Medium (94% confidence)
Finding
The description does not clearly warn users that the skill automatically archives completed items, generates AI-authored documents, writes them to disk, and runs on a schedule. This lack of disclosure can lead to unexpected data processing, persistence of potentially sensitive project information, and unauthorized automation in enterprise environments.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.