AI情报飞书文档

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward AI news digest that fetches public RSS feeds and saves a local Markdown report.

Review the RSS feed list before running it, install dependencies from a trusted source, and enable the cron example only if you want daily external feed fetching and local report generation. Treat generated article text, links, and images as untrusted third-party content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The markdown describes automatic RSS fetching and scheduled daily execution, but does not clearly warn users that the skill makes outbound network requests and writes files. In isolation this is not an exploit primitive, but it is a real safety issue because hidden operational behavior can surprise users, violate least-astonishment, and cause unauthorized network activity or disk writes in restricted environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal