AI Trend Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AI-trend notification tool that posts configured summaries to Feishu webhooks, with no evidence of hidden data theft or destructive behavior.

Install only if you intend to send AI trend summaries to Feishu. Use dedicated Feishu webhook URLs, keep them private, verify the source repository before running npm install, and enable cron or realtime mode only when you want recurring posts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly describes real-time and scheduled monitoring with Feishu webhook delivery, but it does not clearly warn users that collected third-party content will be transmitted to external Feishu endpoints. This can cause unintended data egress, privacy issues, and surprise outbound notifications, especially when deployed as an always-on scheduled job.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal