Back to skill

Security audit

iHub日报自动填写

Security checks across malware telemetry and agentic risk

Overview

This skill’s purpose is coherent, but it handles real login passwords and submits account data without enough safeguards or confirmation.

Review before installing. Only use this if you are comfortable exposing the iHub account credentials to the agent runtime, command history/logs, and an open browser session. Prefer a version that uses a secure credential store or existing browser session and requires a preview plus explicit confirmation before submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes broad natural-language phrases such as “填写日报” and “daily report”, which can cause the skill to activate during ordinary conversation rather than only through an explicit invocation. Because this skill performs authenticated browser automation and can submit data to a remote system, accidental triggering could lead to unintended logins or unauthorized report modifications.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill asks users to provide a username and password directly, but it does not describe secure credential handling, storage restrictions, redaction, or safer alternatives. This creates a significant risk of credential exposure through logs, prompts, screenshots, browser state, or unintended reuse by the automation environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow includes saving content, submitting the report, and entering a change reason, all of which modify data in the remote iHub system, yet the skill provides no explicit warning, approval gate, or confirmation step. In context, this is more dangerous because the automation targets a real authenticated enterprise workflow, so mistakes or prompt-triggered execution can create false records or unauthorized changes.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script accepts a password via command-line arguments (`--password` / `-p`), which exposes the secret through shell history, process listings, and job-control tooling on the host. In an automation skill that handles login credentials for a real web service, this is a genuine credential-handling weakness even though there is no evidence of malicious intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.