Daily Report

Security checks across malware telemetry and agentic risk

Overview

This reporting skill openly creates local daily summaries and Telegram alerts, with no executable code or hidden behavior found.

Before installing, decide what information may be written to memory files and sent to Telegram. Avoid storing secrets, full lead records, personal message contents, or unnecessary confidential details, and periodically review or delete old daily logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs saving daily operational logs to persistent memory files, including metrics, issues, notes, and lead summaries, without any guidance on minimizing, classifying, or protecting potentially sensitive business data. If those logs contain customer details, outreach content, internal costs, or blockers, they may create unnecessary long-term retention and increase exposure in the event of unauthorized access or later misuse.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill requires immediate Telegram alerts for operational events such as replies, budget status, errors, and blocked tasks, but provides no constraints on what data may be transmitted. Without privacy controls, alerts could leak lead information, internal metrics, or troubleshooting details to a third-party messaging platform, increasing the risk of data exposure or unintended disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal