Collaboration Manager

Security checks across malware telemetry and agentic risk

Overview

This is a real Feishu group-chat coordination skill, but users should review it because it broadly changes when agents respond and publishes environment-specific Feishu identifiers.

Install only after replacing Feishu IDs with private configuration, giving each agent a distinct identity, narrowing keyword triggers or requiring explicit @ mentions, and deciding whether this skill should be allowed to override local group-chat rules. The inspected code does not show malware-like behavior, but the group-chat authority and routing ambiguity warrant review before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium, 93% confidence
Finding
The documentation embeds concrete Feishu identifiers, including a real-looking openId and chat IDs, plus detailed integration guidance. Publishing platform-specific identifiers and deployment details increases information exposure and can aid reconnaissance, social engineering, or accidental misuse of production resources.

Vague Triggers

Medium, 90% confidence
Finding
Very broad trigger categories for Juna such as greetings, general help, and casual discussion can cause the agent to activate on routine conversation. In a multi-agent or group-chat setting, overbroad activation increases the chance of unintended responses, prompt-surface expansion, and accidental disclosure into conversations where the agent should remain silent.

Vague Triggers

Medium, 92% confidence
Finding
The instruction to respond whenever a message contains 'your keywords' is underspecified and leaves too much discretion to fuzzy matching. Ambiguous routing logic can be exploited or accidentally triggered, causing the wrong agent to respond, duplicate replies, or leakage of context across unrelated conversations.

Vague Triggers

Medium, 91% confidence
Finding
Keywords like '帮忙' and '建议' are generic everyday terms that appear in many ordinary messages. Using them as activation signals makes unintended invocation likely, which is especially risky in shared chats where agents may expose context, interrupt human discussion, or respond outside their intended role.

Missing User Warnings

Medium, 94% confidence
Finding
The skill encourages recording user tasks and schedules, which are personal data, without any notice about retention, consent, visibility, or storage boundaries. In collaborative chat environments, this can lead to inadvertent collection and exposure of personal scheduling information to other participants or systems.

Vague Triggers

Medium, 91% confidence
Finding
The main agent uses very broad conversational keywords such as greetings, 'help', 'discussion', and 'design', with no visible scoping or disambiguation. In a multi-agent skill, this can cause unintended activation, misrouting of user requests, and over-collection or handling of conversations that were not meant for this agent.

Vague Triggers

Medium, 89% confidence
Finding
The System Engineer agent includes ambiguous high-frequency keywords like 'design', 'database', 'network', 'security', and 'logs' without trigger constraints. These terms overlap heavily with general technical discussion, increasing the chance that unrelated messages invoke this agent and expose users to incorrect routing or unintended automated responses.

Vague Triggers

Medium, 88% confidence
Finding
The Housekeeper agent is triggered by generic productivity terms like 'task', 'plan', 'time', 'meeting', and 'management', which are common in ordinary chat. This creates a realistic risk of accidental invocation in unrelated conversations, especially in collaborative settings where many messages naturally contain those words.

VirusTotal

64/64 vendors flagged this skill as clean.