每日新闻总结

Security checks across malware telemetry and agentic risk

Overview

This skill generates a daily news digest from public news sources and has only disclosed, purpose-aligned file output and optional scheduling behavior.

Install if you are comfortable with the agent fetching listed public news sites and saving a dated Markdown digest in your workspace root. Only ask it to create the daily automation if you want ongoing scheduled runs, and check how to disable or edit that automation in your WorkBuddy environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to write a Markdown file to the workspace root without requiring an explicit user confirmation at execution time. This can lead to unintended file creation or overwriting in the user's workspace, especially if the skill is triggered implicitly or used in automated contexts.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill allows creation of a recurring automation task without embedding a strong user warning about persistent execution. Persistent scheduled actions increase risk because they can repeatedly perform network access and file writes over time after a single setup action, potentially beyond what the user fully understood.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal