Back to skill

Security audit

yoooclaw-work-report-en

Security checks across malware telemetry and agentic risk

Overview

The skill’s work-report purpose is clear, but it reads broad notification archives and can surface identifiable workplace information without enough source scoping or review safeguards.

Install only if you are comfortable letting the skill read notification history for the selected dates and apps. Configure a narrow allowlist of work apps or groups, review the generated report before sharing it, and remove names, confidential project details, deadlines, or private messages that should not leave their original context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes very broad natural-language phrases such as 'what you did today' and 'work summary', which can cause the skill to activate during ordinary conversation rather than from a clearly scoped user intent. Because the skill accesses notification-derived work data, accidental activation can expose or process sensitive workplace information without sufficiently specific consent.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill describes aggregating content from Feishu, DingTalk, email, calendars, and project tools, but it does not clearly warn users that sensitive notification content may be accessed, analyzed, and summarized for onward sharing. This creates a meaningful consent and privacy risk because users may not realize the breadth of data collection or that confidential business information could be surfaced in a report.

Ssd 3

Medium
Confidence
91% confidence
Finding
The skill is designed to extract work progress, communication points, and to-dos from message notifications and turn them into a report that can be sent to a leader or posted publicly in a workbench. That creates a data-handling risk because personally identifiable names, project details, and internal discussions can be repackaged and redistributed beyond the original notification context.

Ssd 3

Medium
Confidence
93% confidence
Finding
The instruction to automatically identify work apps from notifications if the user does not specify sources encourages broad collection across many applications without strong minimization boundaries. In context, this increases the chance that sensitive but irrelevant content from mixed-use apps, external collaborators, or confidential channels will be swept into analysis.

Ssd 3

Medium
Confidence
96% confidence
Finding
The data-loading logic directs the agent to locate and read daily JSON files containing notification message content across apps, which is a direct path to bulk access of potentially sensitive communications. Even without exfiltration code, centralized ingestion of raw notifications materially increases the risk of overcollection, confidentiality breaches, and inclusion of secrets or regulated data in downstream summaries.

Ssd 3

Medium
Confidence
94% confidence
Finding
The output style explicitly requires preserving original project names, person names, and deadlines, which increases the chance that confidential business context and personal identifiers will be exposed in a shareable report. Since the report is intended for direct forwarding to leadership or posting on a workbench, the context makes this more dangerous by encouraging redistribution of exact sensitive details.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.