Security audit

ai-topic-scout-feishu

Security checks across malware telemetry and agentic risk

Overview

This skill openly performs its stated job: collecting public YouTube/Twitter topic data, analyzing it, and writing results to Feishu tables.

Install only if you are comfortable granting Feishu table write access and running local scraping tools. Use a dedicated Feishu workspace/table, keep API tokens out of shared config files, review the configured sources, and enable the optional cron job only when recurring external fetches are intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill declares a generic `exec` capability even though its stated purpose is fetching content, analyzing topics, and writing results to Feishu Bitable. Exposing unrestricted command execution materially expands the attack surface: if any prompt, fetched content, or downstream workflow can influence tool invocation, an attacker could turn a content-analysis skill into a local command runner with potential data exfiltration or system compromise.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README instructs users to scrape YouTube and Twitter/X content, analyze it with an AI model, and write results into Feishu, but it does not clearly disclose the resulting data flow, third-party transmission, or privacy/compliance implications. This can cause users to unknowingly collect, process, and export public content and metadata to external services, increasing legal, privacy, and policy risk even if the sources are public.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list includes broad phrases such as “抓取选题”, “分析选题”, and “更新选题表”, which are likely to overlap with ordinary user requests. In an agent environment, this can cause accidental invocation of a workflow that performs external fetching, LLM analysis, and writes data into Feishu, leading to unintended actions and data changes without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill is designed to automatically scrape external platforms, process the collected content with an LLM, and write results into Feishu, but the documentation does not prominently warn users about third-party terms-of-service issues, rate limits, privacy considerations, or the consequences of granting Feishu write access. This increases the risk of users enabling broad automation without understanding that the skill can collect, transform, and persist external data across systems.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases for activating the skill are broad, common user intents such as '分析选题' and '查看选题分析', which could match ordinary conversation unrelated to this specific skill. Over-broad activation increases the chance the skill runs unexpectedly, causing unintended use of external tools, data collection, or writes into Feishu resources.

Vague Triggers

Medium
Confidence: 91%
Finding
Administrative triggers like '添加YouTube频道', '禁用数据源', and '启用数据源' lack scope or authorization context, so normal discussion of those actions could invoke state-changing behavior. In a skill with network access and Feishu write capability, accidental or induced activation could modify monitored sources or disable protections, affecting integrity and availability of the tracked dataset.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.