Security audit

Auto Weekly Report System

Security checks across malware telemetry and agentic risk

Overview

This is a coherent weekly-report automation skill, but users should review local data and WeCom publishing targets before using it.

Install only if you intend to generate weekly reports from the named /tmp data files. Review /tmp/weekly_report_auto.md before running any WeCom commands or adding the cron job, confirm the WeCom account and document visibility, and fix the documented script-name mismatch before relying on the quick-start commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Severity: Medium
Category: Dangerous Code Execution
Content:
    print(f"📌 {name}")
    print(f"{'='*60}")

    result = subprocess.run(command, shell=True, capture_output=False, text=True)

    if result.returncode != 0:
        print(f"❌ {name} 失败")
Confidence: 95%
Finding: result = subprocess.run(command, shell=True, capture_output=False, text=True)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill advertises and instructs the use of shell commands, and reads and writes operational data files, but declares no permissions or trust boundaries. That mismatch is dangerous because an agent or reviewer cannot accurately assess what the skill is allowed to access, increasing the chance of unintended file access, command execution, or automation against sensitive local resources.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The README explicitly promotes automatic collection and publication of report data to WeCom, but provides no warning about sensitive data handling, access scope, or publication safeguards. In a system that aggregates multiple business data sources and auto-publishes externally to a collaboration platform, missing privacy and authorization guidance increases the risk of unintended data disclosure.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The description says the skill should be used whenever automated report generation, team data sync, or scheduled summaries are needed, which is broad enough to trigger in many ordinary enterprise contexts. Over-broad activation increases the risk that the skill is invoked on unrelated requests and then accesses local logs, config files, or publishing actions without sufficiently specific user intent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill explicitly supports publishing generated reports to WeCom documents and returning a share link, yet provides no warning that internal operational data will be sent to an external collaboration surface. In context, the report aggregates production logs, reply statistics, pricing data, and health checks, so automatic publication can cause confidential business data exposure or accidental oversharing.

VirusTotal

63/63 vendors flagged this skill as clean.