Back to skill

Security audit

Agent Reach

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad internet automation guide that includes logged-in posting, cookie-based setup, proxy/configuration work, and anti-bot browser use without enough user-control boundaries.

Review carefully before installing. Use separate low-privilege platform accounts, do not provide broad browser profiles or reusable session cookies casually, inspect the external install guide before setup, and require explicit confirmation before posting, commenting, importing cookies, configuring proxies, or using anti-bot browser automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs use of a WeChat article reader that 'bypasses WeChat anti-bot' protections. That goes beyond ordinary web reading and encourages circumvention of platform access controls, creating legal, policy, and abuse risk if the agent uses tooling specifically designed to evade anti-automation defenses.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes very broad phrases like '搜一下', '帮我查', 'research', and 'find information', which can cause the skill to activate in many unrelated situations. Over-broad activation increases the chance of unintended tool use, unnecessary browsing, and accidental execution of higher-risk capabilities such as posting or account setup.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The manifest says the skill can 'post, comment, or interact' and 'configure or set up a platform channel' without a clear warning or consent boundary for account-impacting actions. In context, this means the skill may perform authenticated, externally visible actions on third-party platforms without sufficient user confirmation, raising risk of unintended posts, account changes, or policy violations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The cookie import guidance tells the user to import cookies for XiaoHongShu login but provides no warning about the sensitivity of session cookies. Session cookies are equivalent to account access tokens; mishandling them can enable account takeover, unauthorized actions, and leakage of personal data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.