Fetch requirements, analyze, generate test cases

Security checks across malware telemetry and agentic risk

Overview

This skill performs a coherent Wiki-to-testcase workflow, but it ships hardcoded internal Confluence credentials and persistently saves sensitive fetched content without enough user control.

Install only if you are authorized to access the referenced Confluence content and are comfortable reviewing or changing the source first. Replace the embedded credentials with your own secure configuration, rotate any exposed credentials if they are real, restrict outputs to a protected directory, and delete debug HTML or disable that behavior before using it on confidential pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The README explicitly documents hardcoded Confluence credentials in source-visible configuration, which is a real security issue because it normalizes embedding secrets in code and may expose valid internal credentials to anyone with repository access. In this skill context, the danger is elevated because the tool automates authenticated extraction of internal wiki content, so leaked credentials could enable unauthorized access to sensitive documentation and downstream data exfiltration.

Intent-Code Divergence

Medium
Confidence: 93%
Finding
This is a genuine security weakness in the documentation because it claims environment variables are recommended while presenting hardcoded credentials as the default code configuration, encouraging insecure operator behavior. In practice, users often copy the documented default path, causing secrets to be stored in files, committed to repos, or shared across teams.

Missing User Warnings

Medium
Confidence: 84%
Finding
The README promotes automated login and authenticated wiki extraction without warning that credentials and retrieved content may be sensitive, which is a real security documentation deficiency. In this context, the skill targets internal Confluence pages, so users may unknowingly run it against confidential material without considering credential handling, data minimization, or authorization boundaries.

Missing User Warnings

Medium
Confidence: 88%
Finding
The one-command workflow writes multiple local artifacts derived from internal wiki content to disk without a clear warning, creating a real risk of sensitive data proliferation on developer machines or shared environments. This is more dangerous in the skill's context because the outputs span several formats (.docx, .txt/.json, .md, .xlsx), multiplying accidental exposure through backups, sync tools, email, or source control.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script writes converted documents into a persistent directory under the user's home folder without any consent prompt, retention control, or sensitivity warning. In this context, the data comes from an internal Confluence instance and may contain confidential business information, so silent local persistence increases risk of unintended disclosure on shared or monitored systems.

Missing User Warnings

High
Confidence: 99%
Finding
The script saves full page HTML to debug files in a persistent local directory, which can capture sensitive Confluence content, internal links, metadata, and potentially tokens or user-specific state rendered in the page. Because this is an internal wiki exporter using hardcoded credentials, the debug dumps materially increase the chance of sensitive data leakage beyond the intended .docx output.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script automatically issues additional HTTP requests for every image source found in page content, including absolute URLs, without restricting hosts or warning the user. In an adversarial or compromised wiki page, this can trigger requests to attacker-controlled endpoints or internal network locations, causing credential-bearing requests, traffic leakage, or limited SSRF-like behavior from the authenticated browser context.

Missing User Warnings

Medium
Confidence: 95%
Finding
The configuration example normalizes storing a username and password in plaintext in a local config file, which can lead users to persist real credentials insecurely. If that file is exposed through local compromise, backups, sync tools, or accidental commits, attackers can obtain Wiki credentials and access protected documentation or linked resources.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill documentation describes automatic login, session cookie reuse, and later hard-codes a default username and password for Confluence. Embedding credentials and encouraging automatic authenticated access can expose internal systems, leak secrets to unauthorized users, and normalize insecure credential handling in an environment that processes internal documentation.

VirusTotal

65/65 vendors flagged this skill as clean.