Security audit

producthunt-wingman

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being an outreach automator, but it asks for account-impacting LinkedIn automation while relying on server code that is not included, broad triggers, a cron schedule, and a saved browser session.

Review before installing. Do not let it run setup.sh, main.py, or LinkedIn automation until the referenced server files are available from a trusted source and have been inspected. Use a dedicated LinkedIn browser profile, confirm exactly what messages or connection requests can be sent automatically, verify how the cron schedule is installed and removed, and know how to delete the saved browser profile and prospect data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 94%
Finding: The trigger phrase "Start my PH outreach" is broad enough that a normal user request about beginning outreach could unintentionally invoke this skill. In this skill's context, invocation is more dangerous because the skill can start a local server, launch automated pipelines, and drive LinkedIn outreach actions, so accidental activation could cause unintended network activity and account-impacting automation.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The trigger phrase at line 19 ("Start my PH outreach") is broad enough that an ordinary user request about beginning outreach could unintentionally activate this skill. Because the skill automates outreach and engagement actions on a schedule, accidental invocation could cause unintended scraping, enrichment, or messaging activity.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding: The trigger phrase at line 23 ("Enrich new prospects") is too generic and could match common CRM or sales-assistant requests unrelated to this skill. In the context of a tool that performs prospect enrichment and LinkedIn engagement, ambiguous activation increases the risk of unintended processing of contacts or external actions.

Vague Triggers

Severity: High
Confidence: 98%
Finding: The trigger value at line 25 ("cron") is extremely ambiguous and can collide with system, scheduling, or conversational references to cron jobs. In a skill designed for scheduled automation, this creates a heightened risk of unintended autonomous execution or control actions being invoked merely by discussing scheduling concepts.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.