Security audit

AIPyApp - AI Automated Task Execution Tool

Security checks across malware telemetry and agentic risk

Overview

This skill is an AI automation runner that openly installs packages and runs generated Python, but it lacks enough scoping and safety guidance for that level of local authority.

Review carefully before installing. Use a container or virtual environment, avoid `--break-system-packages`, pin and verify the package version, use a dedicated low-privilege LLM API key, disable result sharing and auto-install unless needed, and review generated code before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence: 92%
Finding
The activation phrases are broad enough to trigger on common requests like web scraping, running Python scripts, or generic automation tasks, which can cause the skill to activate unexpectedly. In this skill's context, unintended activation is more dangerous because the tool is explicitly designed to generate code, install dependencies, and execute tasks on the host system.

Missing User Warnings

High
Confidence: 96%
Finding
The overview describes autonomous code writing, execution, and dependency installation without warning the user that generated code may be unsafe, packages may be untrusted, and system state can be modified. This omission is significant because the skill enables powerful actions that can lead to arbitrary code execution, persistence, data loss, or supply-chain compromise if used incautiously.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill instructs users to store API credentials in a local config file but does not mention file permission hardening, secret handling, or the risk of accidental disclosure through logs, backups, or shared home directories. Because this tool also performs automated tasks and may generate code, exposed credentials could be reused for unauthorized API access or exfiltration.

Missing User Warnings

Medium
Confidence: 86%
Finding
The configuration examples normalize placing API keys directly in config files and also present potentially risky defaults like result sharing and auto-install in the full example without any surrounding warning. In an automation tool that executes tasks and may interact with external LLM providers, this increases the chance of secret leakage, unintended package installation, and external disclosure of user data.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.