短剧-公众号信息源 (Short Drama: Official Account Information Source)

Security checks across malware telemetry and agentic risk

Overview

The skill’s purpose is mostly coherent, but it should be reviewed because it auto-opens locally generated HTML built from external API data without escaping that data.

Install only if you are comfortable giving the skill a RedFoxHub API key and allowing it to create local report/cache files. Before routine use, review or patch the HTML escaping and stop passing the API key on the command line: supply it through an environment variable instead, and where possible open the generated reports yourself rather than letting the skill launch the browser.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The README documents automatic date-availability handling, but the skill metadata explicitly requires that when the requested target date has no data, the user must first be informed and explicit confirmation obtained before any API call. This mismatch can cause an agent or maintainer to implement behavior that silently performs fallback or additional retrieval without consent, violating user expectations and policy constraints around external data access.

Intent-Code Divergence

Severity: Medium
Confidence: 87%
Finding
The README advertises automatic genre expansion when data is insufficient, which encourages autonomous follow-up API queries. In this skill's context, automatic expansion is risky because the manifest imposes a strict requirement not to auto-fetch after determining that the requested target date lacks data; unclear fallback logic can lead to unauthorized extra data retrieval and inconsistent compliance with user-consent requirements.
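
The two findings above describe the same control-flow requirement: a missing target date (or too few results for a genre) must produce a question to the user, not a second API call. The following is an added example of that consent gate, written for this review and not taken from the skill; the AVAILABLE set is constructed sample data standing in for the API's availability lookup, and the seven-day fallback window is an assumption.

```python
# Added example (not the skill's own code): a consent gate for the two
# fallbacks the README describes as automatic. The manifest rule quoted in the
# findings above is: if the requested date has no data, inform the user and get
# explicit confirmation before any further API call.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class FetchPlan:
    action: str            # "fetch", "ask_user" or "abort"
    target: Optional[str]  # ISO date that would actually be queried
    message: str           # what the agent should tell the user

# Constructed stand-in for the availability lookup the real skill would make
# against the API. The dates are invented sample data.
AVAILABLE = {"2024-05-01", "2024-05-02", "2024-05-03"}

def has_data(iso_day: str) -> bool:
    return iso_day in AVAILABLE

def nearest_available(iso_day: str, max_back: int = 7) -> Optional[str]:
    """Closest earlier date with data, or None if none within max_back days (assumed window)."""
    d = date.fromisoformat(iso_day)
    for delta in range(1, max_back + 1):
        cand = (d - timedelta(days=delta)).isoformat()
        if has_data(cand):
            return cand
    return None

def plan_fetch(target: str, user_confirmed_fallback: bool = False) -> FetchPlan:
    """Decide whether an article fetch may proceed without further consent."""
    if has_data(target):
        return FetchPlan("fetch", target, f"Fetching articles for {target}.")
    alt = nearest_available(target)
    if alt is None:
        return FetchPlan("abort", None,
                         f"No data for {target} or the 7 days before it; nothing fetched.")
    if not user_confirmed_fallback:
        # The silent behaviour the README implies would be to return
        # FetchPlan("fetch", alt, ...) right here. The manifest forbids that,
        # so the caller gets a question to relay instead of a fetch.
        return FetchPlan("ask_user", alt,
                         f"No data for {target}. The nearest date with data is {alt}. "
                         "Fetch that instead? (needs your explicit confirmation)")
    return FetchPlan("fetch", alt, f"User confirmed fallback: fetching {alt} instead of {target}.")

def plan_genre_expansion(found: int, wanted: int, user_confirmed: bool = False) -> str:
    """Same gate for 'automatic genre expansion' when results are too few."""
    if found >= wanted:
        return "done"
    return "expand" if user_confirmed else "ask_user"

if __name__ == "__main__":
    for day in ("2024-05-03", "2024-05-05", "2024-06-01"):
        p = plan_fetch(day)
        print(day, "->", p.action, "|", p.message)
    print("genre:", plan_genre_expansion(found=2, wanted=10))
```

The point of returning an `ask_user` plan rather than raising or fetching is that the agent has something concrete to relay, and the follow-up call with `user_confirmed_fallback=True` is the only path that reaches the alternate date.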

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The invocation guidance is broad enough that the skill may activate for generic requests about short drama trends, subscriptions, or reports without clearly limiting when it should be used. Over-broad activation can cause unintended access to external data sources, automatic report generation, or local side effects when the user did not explicitly request this specific skill.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The README states that enabling subscription will automatically generate daily reports and save them to a local folder, but it does not prominently warn about local file creation, storage location, retention, or consent requirements. This can create privacy and safety issues by writing potentially sensitive browsing or business-intelligence output to disk without sufficiently explicit user awareness.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
The README says the generated HTML report will automatically open in the browser, but it does not clearly warn users about this side effect or associated privacy implications. Unexpected browser launches can expose on-screen content, trigger handling of embedded remote resources, or simply violate user expectations for non-interactive execution.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
The trigger description uses broad natural-language phrases like requests about short-drama hot topics or trends, which can overlap with ordinary conversation. Overbroad activation can cause the skill to run in contexts the user did not intend, potentially making network requests, reading environment secrets, or writing local files unexpectedly.

Vague Triggers

Severity: Low
Confidence: 80%
Finding
The skill advertises a subscription capability but does not clearly define what user intent is sufficient to activate it, and elsewhere suggests subscription commands that may not actually be implemented. Ambiguous activation of persistent or recurring behavior is risky because a casual request could be interpreted as consent for ongoing actions or state changes.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
Passing an API key on the command line can expose the secret through shell history, process listings, audit logs, or terminal recordings. Because this skill is intended for routine use and may be run on shared or monitored systems, documenting --api-key as a normal usage pattern materially increases the chance of credential leakage.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The script writes API-sourced content into an HTML file and later opens it in the user's browser. Because article fields such as title, author, and cover URL are inserted into HTML without escaping, a malicious upstream content source could inject script or active HTML that executes locally when the report is opened.
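
The two findings above (command-line API key, unescaped article fields) are both fixed in the rendering layer. The following is an added example written for this review, not the skill's own script: it takes the key from an environment variable only, escapes every API field for its HTML context, admits only http(s) URLs into src/href attributes, adds a CSP as a second line of defence, and writes the report without opening it. `REDFOXHUB_API_KEY` is an assumed variable name, and `SAMPLE` is constructed data imitating a hostile API response.

```python
# Added example (not the skill's own code): the report-rendering and key-loading
# pattern the findings above ask for. REDFOXHUB_API_KEY is an assumed variable
# name, and SAMPLE is constructed data that imitates a hostile API response.
import html
from pathlib import Path
from typing import Dict, List
from urllib.parse import urlsplit

ENV_KEY = "REDFOXHUB_API_KEY"  # assumed name; not taken from the skill

def load_api_key(argv: List[str], environ: Dict[str, str]) -> str:
    """Take the key from the environment only; refuse --api-key on the command line."""
    if any(a == "--api-key" or a.startswith("--api-key=") for a in argv):
        raise SystemExit("refusing --api-key on the command line (visible in ps, "
                         f"shell history, audit logs); set {ENV_KEY} instead")
    key = environ.get(ENV_KEY, "").strip()
    if not key:
        raise SystemExit(f"{ENV_KEY} is not set")
    return key

def safe_url(u: str) -> str:
    """Only absolute http(s) URLs may land in src/href; anything else is dropped."""
    u = u.strip()
    parts = urlsplit(u)
    if parts.scheme in ("http", "https") and parts.netloc:
        return html.escape(u, quote=True)
    return ""

def render_article_unsafe(a: Dict[str, str]) -> str:
    """The pattern the finding describes: fields interpolated verbatim."""
    return (f'<article><img src="{a["cover"]}"><h2><a href="{a["url"]}">{a["title"]}</a></h2>'
            f'<p>{a["author"]}</p></article>')

def render_article(a: Dict[str, str]) -> str:
    """Hardened: every field escaped for its context, URLs scheme-checked."""
    title = html.escape(a.get("title", ""), quote=True)
    author = html.escape(a.get("author", ""), quote=True)
    cover = safe_url(a.get("cover", ""))
    link = safe_url(a.get("url", ""))
    img = f'<img src="{cover}" alt="">' if cover else ""
    heading = f'<a href="{link}">{title}</a>' if link else title
    return f"<article>{img}<h2>{heading}</h2><p>{author}</p></article>"

def render_report(articles: List[Dict[str, str]]) -> str:
    """Wrap the articles in a page whose CSP blocks scripts even if escaping slips."""
    csp = "default-src 'none'; img-src http: https:"
    body = "\n".join(render_article(a) for a in articles)
    return ('<!doctype html><html><head><meta charset="utf-8">'
            f'<meta http-equiv="Content-Security-Policy" content="{csp}">'
            '<title>Short drama report</title></head><body>\n' + body + '\n</body></html>')

def write_report(articles: List[Dict[str, str]], out_dir: Path) -> Path:
    """Write the file and return its path; deliberately no webbrowser.open() here."""
    out_dir.mkdir(parents=True, exist_ok=True)
    out = out_dir / "report.html"
    out.write_text(render_report(articles), encoding="utf-8")
    return out

# Constructed sample: one benign article and one carrying payloads in every field.
SAMPLE = [
    {"title": "Top 10 short dramas this week", "author": "Editor A",
     "cover": "https://example.com/c.jpg", "url": "https://example.com/1"},
    {"title": "<script>alert(1)</script>", "author": '"><img src=x onerror=alert(2)>',
     "cover": "javascript:alert(3)", "url": "data:text/html,<script>alert(4)</script>"},
]

if __name__ == "__main__":
    # The real skill would call load_api_key(sys.argv[1:], dict(os.environ))
    # before contacting the API; here only the constructed sample is rendered.
    path = write_report(SAMPLE, Path("./report-out"))
    print(f"wrote {path}; open it yourself when you want to view it")
```

Compare `render_article_unsafe(SAMPLE[1])` with `render_article(SAMPLE[1])`: the first emits a live `<script>` element and a `javascript:` image source, the second emits only escaped text and an empty image slot. The CSP in `render_report` is defence in depth for the case where a future field is added without going through `html.escape`.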

VirusTotal

64/64 vendors flagged this skill as clean.