Security audit

Ai News Zh 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a no-code Chinese AI-news briefing skill whose web fetching, translation, scheduling, and optional channel posting are disclosed and aligned with its purpose.

Run it manually once before scheduling, confirm the exact posting channel, and grant only limited bot or API permissions. Installers should understand that generated news summaries and source links may be sent to third-party messaging services when those integrations are configured.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (89% confidence)

Finding: The manual trigger phrase is a natural-language request that is broad enough to overlap with ordinary user conversation. In assistant environments that auto-activate skills based on matching phrases, this can cause unintended execution of web fetching and downstream push workflows without a clearly scoped invocation boundary.

Missing User Warnings

Medium (92% confidence)

Finding: The skill promotes scheduled automatic pushing to Feishu, Telegram, and Discord, but does not prominently warn that content will be transmitted to external third-party services. In practice, this can lead to unexpected outbound data flow, accidental disclosure of generated content or metadata, and user surprise when autonomous scheduled jobs send messages without an explicit per-run approval step.

VirusTotal

57/57 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.