腾讯频道Skill

Security checks across malware telemetry and agentic risk

Overview

This Tencent Channel management skill is mostly coherent, but it needs Review because it can take account-facing actions from ambiguous recent-notification context and can fetch arbitrary user-provided URLs for link titles.

Install only if you trust the Tencent Channel CLI workflow and are comfortable granting it account-level channel authority. Before using notification shortcuts, require the agent to show the exact notification number and target summary before sending replies, DMs, approvals, rejections, deletes, mutes, kicks, or other changes. Avoid letting it fetch titles for untrusted URLs unless you explicitly approve the link.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The document instructs the agent to use WebFetch to retrieve page titles from arbitrary URLs supplied by users. That expands the skill from Tencent Channel management into external network access, creating a server-side request/URL-fetching primitive that can be abused to contact unexpected hosts, leak metadata, or fetch internal resources if the runtime is not tightly sandboxed. In this skill context, the behavior is more dangerous because it is triggered during routine content-authoring flows and may process attacker-controlled URLs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal