Venus Project Pm

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed project-management skill that runs visible Feishu/Bitable workflow commands, but users should only install it for that specific Venus ERP environment.

Install this only if you manage the Venus ERP Feishu/Bitable workflow and trust the referenced local venus-bitable-sync.py script and its credentials. Before use, review that script separately and ask the agent to confirm before commands that create group tabs, sync rosters, seed planning files, collect or track reports, or migrate Base fields.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs the agent to run shell commands that can create or modify local planning files, migrate data structures, and potentially change remote Feishu/Bitable state, but it provides no explicit confirmation gate, dry-run step, or user warning. In an agentic context, this increases the chance of unintended state changes or destructive operations being executed automatically from a documentation workflow.

VirusTotal

57/57 vendors flagged this skill as clean.
