Smart Poller

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it can automatically mark remote Feishu tasks as completed even though it only generates canned responses rather than actually performing the tasks.

Install only if you intentionally want a Feishu document to drive unattended task-board updates. Use a dedicated least-privilege Feishu app, keep config.json private, restrict who can edit the board, test with --once first, and avoid relying on its completion messages as proof that real work was performed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Intent-Code Divergence

Medium

Confidence: 87% confidence
Finding: The script writes completion feedback indicating a task was completed even though executeTask only generates canned responses and does not actually perform the requested action. In an agent/task-board context, this can mislead operators, corrupt audit trails, and cause unsafe downstream decisions based on false task completion status.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The README explicitly describes a system that periodically polls a shared task board, automatically executes tasks, and writes results back without highlighting trust boundaries, approval gates, or command/task validation. In an agent-skill context, that creates a real security risk because any party able to modify the Feishu document could potentially trigger unintended autonomous actions by the agent.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README explicitly advertises automatic polling of a Feishu task board and automatic write-back of completion results, but it does not warn users that the skill will continuously transmit data to a remote service and modify remote documents on their behalf. In an agent-skill context, silent background access plus remote state changes can surprise operators, expand data exposure, and enable unintended actions if the configuration or task source is abused.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly states it will periodically poll a remote Feishu task board and auto-execute tasks assigned to the agent, but the description does not warn users that this enables unattended remote task execution and automatic writes back to the board. That omission can cause users to install or run the skill without understanding that untrusted or compromised board content may trigger actions on their system.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The configuration section instructs users to populate highly sensitive values such as app_id, app_secret, and document identifiers without any warning about secret handling, storage, rotation, or leakage risk. This increases the chance that operators will place credentials in plaintext files, commit them to source control, or expose them through logs and shared environments.

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: # Smart Poller > Periodically polls a Feishu (Lark) task board and auto-executes tasks assigned to the current AI agent. **Version**: v1.0 | **Author**: socneo | **Category**: automation
Confidence: 93% confidence
Finding: auto-execute

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal