群消息超时监控

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Feishu workflow for checking unreplied group messages, updating one table checkbox, and sending timeout reminders to a fixed group.

Install only if you want this agent to use your Feishu authorization to read the specified Bitable records and recent group messages, mark recalled messages in the table, and send timeout reminders to the hard-coded group. Review the fixed Feishu IDs and consider adding confirmation or logging for manual runs if this will affect shared operational records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly updates the '是否撤回' field in the table and pushes reminder cards to a target group, but it does not present a clear user-facing warning or confirmation step before performing those side effects. In this context, the actions affect shared records and notify other users, so silent execution can cause unintended data changes, duplicate or premature alerts, and operational confusion.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal