Security audit

公众号爆款选题雷达

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed hot-topic collection and report-generation tool, with network access and local report files that fit its stated purpose.

Install only if you are comfortable with a Python tool that contacts third-party trend APIs/platforms and writes local HTML/JSON reports. For stricter environments: pin dependencies, review the scraping/API terms of each platform, prefer HTTPS-only sources, avoid opening generated reports that load remote Plotly assets unless that is acceptable in your environment, and check exported topic data before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The WechatCollector documentation says it provides simulated/example data, but the implementation still performs real outbound requests to Sogou Weixin. That mismatch is security-relevant because users or downstream systems may believe no live scraping occurs, while the code actually transmits queries to a third party and may trigger unexpected network activity, privacy exposure, or policy violations.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill clearly describes broad multi-platform data collection and local report/data export, but the documentation does not surface this behavior as an explicit operational warning in the main description. That omission can mislead users about network access, third-party data retrieval, and local artifact creation, reducing informed consent and increasing the chance of unexpected data handling in an agent environment.

Missing User Warnings

Medium
Confidence: 87%
Finding
The collectors issue outbound HTTP requests to multiple external platforms without any user-facing disclosure, consent flow, or clear indication that platform names/queries will be sent over the network. In an agent skill context, hidden external communication is risky because it can leak operational intent, trigger unintended scraping behavior, and create compliance or privacy issues even if the queried data is public.

Missing User Warnings

Medium
Confidence: 91%
Finding
The code creates a reusable requests session with a realistic User-Agent and then makes multiple outbound requests to third-party services. This exposes request metadata such as IP address, headers, and access patterns to external operators without any user-facing disclosure or consent mechanism, which is a genuine privacy and supply-chain risk in an agent skill.

Missing User Warnings

Medium
Confidence: 98%
Finding
This collector uses a plain HTTP endpoint for api.xcvts.cn, so requests and responses can be intercepted or modified in transit by a network attacker. Because the data is then parsed as JSON and trusted by the application, a man-in-the-middle could tamper with returned topics, inject malicious URLs, or cause downstream consumers to act on falsified content.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.