Back to skill

Security audit

Auwomo Message

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed Feishu/Lark private-message helper, but users should verify recipient and text before sending real organization messages.

Install only if you trust the local auwomo and lark-cli tools and the configured bot account. For important messages, ask the agent to run dry-run first and confirm the exact recipient and message text before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes very generic English terms such as "message" and "send", which can match many unrelated user requests and cause unintended skill activation. In a messaging skill, accidental invocation is security-relevant because it may lead to sending notifications or private messages to organizational members when the user did not intend to use this capability.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger examples are broad enough that ordinary conversational phrases like '通知某人某件事' or '发给 xxx:...' could activate a message-sending skill without a clearly constrained intent check. In a skill that causes outbound communication to real organization members, ambiguous activation increases the risk of unintended message delivery, social engineering assistance, or misuse from loosely matched user prompts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.