Security audit

Zhang Yiming Weibo Quote Push (张一鸣微博金句推送)

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated Feishu message-sending purpose, but it asks the agent to reuse credentials, send live messages, and enable hourly delivery without enough explicit user control.

Install only if you want an agent to use Feishu app credentials and send recurring private messages. Before enabling it, confirm the exact credential source, recipient open_id, test message, and hourly schedule; use a dedicated least-privilege Feishu app secret and make sure you know how to disable the scheduled job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill instructs the agent to automatically reuse or write Feishu credentials/configuration and then perform a real outbound test send. That creates a meaningful risk of modifying workspace configuration and transmitting data to a third-party service without an explicit, informed user confirmation step, especially when the skill defaults to acting on behalf of the user and selecting the current user as the recipient.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The troubleshooting and local-run sections normalize direct handling of `ALICE_FEISHU_APP_SECRET` and related identifiers but do not warn that these are sensitive secrets or describe safe storage practices. This increases the chance that users or downstream agents will expose secrets in chat logs, shell history, screenshots, or insecure environment setups.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.