Security audit

Auwomo Task

Security checks across malware telemetry and agentic risk

Overview

This skill is for Feishu task management, but it can automatically read team work data and write persistent task records from broad or ambiguous prompts without enough confirmation.

Install only if you are comfortable with an agent that can read Feishu task context, potentially include subordinate task data, use Cotrace workstream data, and create or update task records. Require explicit confirmation before any write, avoid broad casual trigger phrases, and use team mode only when subordinate task visibility is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium (89% confidence)
Finding
The skill explicitly instructs the agent to pull work data from Cotrace when the user asks to record work but does not provide details, expanding the data sources beyond the declared auwomo task CLI workflow. This can cause unintended cross-skill data access, privacy leakage, or inaccurate task records because the user did not explicitly consent to using another system as the source of truth.

Vague Triggers

Medium (83% confidence)
Finding
The trigger list includes broad everyday phrases such as record, progress, context, and common Chinese work-update expressions that can appear in normal conversation without intent to modify a task system. This increases the chance of unintended activation of a skill that can read and write remote task data, especially when paired with write-capable commands.

Vague Triggers

Medium (84% confidence)
Finding
The activation examples include ambiguous statements like '今天修了 xxx' and '做了 xxx', which may simply describe work in conversation but are treated as task-record requests automatically. In this skill's context, that ambiguity is more dangerous because the documented workflow can create persistent remote records rather than just answering conversationally.

Missing User Warnings

Medium (87% confidence)
Finding
The skill describes write operations like creating tasks and recording progress through the CLI but does not require a user-facing warning or confirmation that these actions will modify remote Feishu task records. This raises the risk of accidental state changes, incorrect audit trails, and user surprise when the skill is activated from ambiguous language.

Missing User Warnings

Medium (94% confidence)
Finding
The documented `--team` mode explicitly returns all subordinates' task data and includes identifying fields such as `assignee_open_id`, but the guidance does not warn about sensitivity, access control expectations, or safe handling of that data. In a task-management skill, this increases the chance of unnecessary exposure of employee work context and identifiers through over-broad queries, logs, summaries, or downstream sharing.

Vague Triggers

Medium (93% confidence)
Finding
The trigger list includes very common phrases such as “记录”, “进展”, “完成了”, and “今天做的”, which can appear in ordinary conversation without a clear intent to invoke this skill. Because this skill can proceed to write completed records into the Feishu task tree, overly broad invocation raises the risk of accidental activation and unintended data modification.

Vague Triggers

Medium (89% confidence)
Finding
Mode B can be triggered by vague phrases like “用一下记录技能” and also by cron reminders, even when the user has not provided explicit content. In this context, ambiguous activation is more dangerous because the skill may pull Cotrace data, generate drafts, and continue toward recording work items with limited user intent verification.

Missing User Warnings

Medium (95% confidence)
Finding
The skill allows direct recording without confirmation when content seems clear, but it does not require an explicit user-facing warning that data will be written into the Feishu task tree as a completed record. This creates a real risk of users phrasing something conversationally and unintentionally causing durable task-system changes, especially since the CLI records items as completed by default.

Vague Triggers

Medium (84% confidence)
Finding
The trigger examples include broad everyday phrases like “帮我写日报” and “总结一下本周进展” without clearly constraining when this skill should activate versus other skills. In an agent environment, overly broad invocation scope can cause accidental routing of unrelated user requests into a task-reporting workflow, leading to unintended access to task context or team progress data.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.