Security audit

Bug问题上报 (Bug Issue Reporting)

Security checks across malware telemetry and agentic risk

Overview

This skill does the advertised bug-reporting task, but it can automatically send user text to a fixed WeCom spreadsheet webhook and create persistent records without clear user confirmation.

Install only if this fixed Enterprise WeCom sheet and assignee are the intended destination. Treat anything entered as a bug report as data that may leave your workspace, avoid secrets or customer data, and prefer a version that requires explicit confirmation, uses a private configured webhook secret, and removes the unexplained npm dependency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are very broad (e.g. any statement like '有xxx问题' or 'xxxBug'), which can match ordinary conversation and cause the reporting workflow to activate unintentionally. In this skill, accidental activation is particularly risky because it immediately forwards user-provided content to an external enterprise webhook.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill description says that when a user reports an issue, it will automatically add the content to a WeCom smart sheet, but it lacks precise activation constraints. Ambiguous activation criteria increase the chance that unrelated or sensitive text is treated as a bug report and transmitted externally.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill sends raw user problem descriptions to an external WeCom webhook, but it does not clearly disclose this data transfer or warn about privacy implications. Users may include credentials, personal data, internal URLs, or incident details in bug descriptions, resulting in unintended external disclosure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow mandates automatic POST submission without a confirmation step or risk prompt, so a single ambiguous utterance can immediately exfiltrate user content to the configured webhook. This is especially dangerous because the webhook key is embedded directly in the skill, making the destination fixed and highly sensitive.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script sends user-provided bug descriptions to an external WeCom webhook, but there is no notice, consent flow, or minimization before transmission. Bug descriptions often contain sensitive internal data, credentials, URLs, stack traces, or customer information, so silent exfiltration to a third-party endpoint creates a real data exposure risk in this skill context.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The script writes the full request, including the user-supplied bug description, to a predictable temporary file in /tmp. On multi-user or shared environments, temporary files can be exposed through weak permissions, races, or leftover artifacts if cleanup fails, making this a legitimate confidentiality issue.

External Transmission

Medium
Category
Data Exfiltration
Content
EOF

# Send the request
RESPONSE=$(curl -s -X POST "$WEBHOOK_URL" \
  -H "Content-Type: application/json" \
  -d @/tmp/bug_request.json)
Confidence
96% confidence
Finding
curl -s -X POST "$WEBHOOK_URL" \ -H "Content-Type: application/json" \ -d

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.