Back to skill

Security audit

Regulation Extractor

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its stated purpose, but it needs review because it sends extracted document content to Feishu using command-line app credentials and can write or delete Bitable records.

Install only if you intend to sync extracted regulation text to Feishu Bitable. Use a least-privilege Feishu app, avoid putting long-lived secrets in shell history or shared logs, run --dry_run first, and be cautious with --delete_dupes because it can remove records. Fix or avoid quality_check.py until it accepts the intended directory instead of scanning the hard-coded local path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow instructs users to sync extracted regulation data to Feishu and pass app credentials on the command line, but it does not prominently warn that data will leave the local environment or that secrets are being handled. This creates a realistic risk of unintended external data transmission, accidental credential exposure in shell history/process listings, and weak operator awareness around data handling.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script requires the Feishu app secret to be passed as a command-line argument, which can expose it through shell history, process listings, job logs, and orchestration tooling. In this skill's context, the secret grants API access to a Bitable workspace, so disclosure could let an attacker read, create, or delete records depending on the app's permissions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.