Security audit

微信公众号文章解析器 (WeChat Official Account Article Parser)

Security checks across malware telemetry and agentic risk

Overview

The skill’s main risk is disclosed setup behavior that clones code and installs dependencies, not evidence of hidden or malicious activity.

Before installing, review the repository and lockfiles if available, confirm the clone URL is the intended source, and approve dependency/browser downloads explicitly. Run the setup in a normal user account or sandbox when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The README explicitly instructs users to send a message that causes an agent to automatically clone a remote repository and install dependencies. That creates a supply-chain and consent problem: the agent may make filesystem and software changes on the user's machine without clear warning, review, or confirmation, and a compromised repository or dependency could execute malicious install-time code.

VirusTotal

64/64 vendors flagged this skill as clean.