Back to skill

Security audit

EMAR adv-plan-diagnosis

Security checks across malware telemetry and agentic risk

Overview

This skill coherently diagnoses user-specified ad plans through the relevant ad-platform APIs, but users should handle the required access tokens carefully.

Install only if you are comfortable letting the script query the specified ad accounts using locally configured Ocean Engine or Tencent Ads tokens. Keep .env private, use least-privileged and short-lived tokens where possible, avoid logging full request URLs, verify account and ad IDs before running, and consider pinning dependency versions in managed environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Findings (8)

Tainted flow: 'params' from os.getenv (line 101, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
'page': 1,
        'page_size': 10
    }
    resp = requests.get(url, params=params)
    resp.raise_for_status()
    data = resp.json()
    if data.get('code') != 0:
Confidence
90% confidence
Finding
resp = requests.get(url, params=params)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad, natural-language requests such as '检查广告' and '成本高怎么办', which can cause accidental invocation in unrelated conversations. Unintended activation can expose internal workflow behavior, prompt for account identifiers, or initiate sensitive diagnostic actions without clear user intent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs that access tokens are read from a .env file, but provides no user-facing safeguards on secret handling, storage boundaries, redaction, or non-disclosure. In an agent setting, encouraging implicit use of locally stored credentials increases the risk of secret exposure, misuse of privileged API access, or unsafe execution patterns around sensitive configuration.

Credential Access

High
Category
Privilege Escalation
Content
巨量引擎使用官方诊断接口;腾讯广告因官方诊断接口下线,使用报表+规则引擎。

两个平台的 access_token 都从 .env 文件读取,需要用户自行配置并定期更新(腾讯 token 有效期2小时)。

若脚本返回 {"status": "error"},将 message 告知用户。
Confidence
93% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.25.0
python-dotenv>=1.0.0
Confidence
95% confidence
Finding
requests>=2.25.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.25.0
python-dotenv>=1.0.0
Confidence
95% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
89% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
72% confidence
Finding
python-dotenv

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.