Security audit

botlearn-strategy-intel

Security checks across malware telemetry and agentic risk

Overview

The skill’s company-analysis workflow is mostly coherent, but its run instructions pass a user-supplied company name into an unquoted shell command, so it needs review before installation.

Review or patch the execution instruction before installing so company names are safely quoted, validated, or passed as argv rather than interpolated into a shell command. Use limited-scope Apify and model-provider API keys, and avoid submitting confidential, regulated, or internal target names because the workflow sends queries and scraped public data to third-party services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill conditionally reads provider API keys from the environment and performs outbound calls to OpenAI or Anthropic, but the provided context includes no manifest, consent flow, or disclosure establishing that external network access and credential use are expected. In an agent-skill setting, silent use of ambient credentials expands trust boundaries and can route user-derived data to third parties without explicit approval.

Missing User Warnings

Low
Confidence: 84%
Finding
The README explicitly states that the skill scrapes public data via Apify and requires external API keys, but it does not clearly warn users that company queries and retrieved data will be transmitted to third-party services. This creates a transparency and privacy risk: users may submit sensitive targets or internal research subjects assuming local processing when the workflow actually depends on external providers.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to execute a shell command that triggers scraping and AI analysis, but it does not disclose to the user that using the skill will launch a subprocess and perform external network activity. This is a real safety issue because it can surprise users, bypass informed consent expectations, and expand the attack surface through command execution and third-party data access.

Missing User Warnings

Medium
Confidence: 96%
Finding
The code serializes scraped company data and includes it verbatim in prompts sent to external model APIs. Even if the target is a public company, scraped raw data can contain sensitive, proprietary, or unexpectedly personal information, and the skill gives no user-facing warning, minimization, or redaction before exfiltrating that data.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.