Security audit

zijiyong

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Web of Science-to-Feishu workflow that can use authenticated services and update Feishu tables, but its artifacts require user confirmation and show no hidden code or credential theft.

Install this only if you want an assistant to use your authorized WoS/SZU and Feishu access. Before allowing writeback, confirm the exact Feishu Base, subtable, fields, and append/update/overwrite behavior. Do not provide passwords or verification codes for storage, and review the default SZU username before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger rule activates on any mention of WoS/Web of Science, which is broader than the actual workflow scope and can cause the agent to invoke browser automation, institutional-login guidance, or Feishu writeback in contexts where the user only made a passing reference. In a skill that can touch authenticated resources and local CLI tooling, over-triggering increases the chance of unintended actions or collection of unnecessary sensitive inputs.

Vague Triggers

Medium
Confidence: 88%
Finding
The description uses expansive invocation language covering multiple related workflows without clear boundaries, making it likely the skill will be selected for loosely related academic or platform mentions. Because the skill includes authenticated access paths and record writeback to Feishu, ambiguous routing can lead to unnecessary exposure of credentials, misdirected automation, or writes to the wrong destination.

Vague Triggers

Medium
Confidence: 86%
Finding
The default prompt broadly instructs the agent to search, screen papers, and write results into Feishu Base via a local CLI without clear trigger constraints, scope limits, or user-confirmation boundaries. This increases the chance of unintended external actions or overbroad data handling, especially because it combines retrieval, judgment, and a local write operation in one loosely scoped invocation.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.