Back to skill

Security audit

公众号标题生成与评分

Security checks across malware telemetry and agentic risk

Overview

The skill’s main purpose is coherent, but it has review-worthy risks around broad activation and possible API key exposure in debug logs.

Install only if you are comfortable sending title topics and scoring inputs to RedFox. Avoid using --debug unless the script is fixed to redact X-API-Key, and use the skill only for explicit WeChat title-generation or title-scoring tasks rather than generic writing requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The README instructs users to invoke the skill with very broad natural-language requests ('Simply describe your needs in natural language'), which can make routing systems trigger the skill on loosely related user text. In an agent ecosystem, this increases the chance of unintended activation, causing unnecessary external API use and unexpected disclosure of user prompts to the third-party RedFox service.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The example prompts are common, everyday editorial requests such as asking for titles or trending topics, without strong scope constraints or a requirement to explicitly name the skill. In systems that select skills from free-form user text, such generic examples can cause overmatching, leading the skill to activate when the user did not intend to send content to this tool or its backing API.

Vague Triggers

High
Confidence
93% confidence
Finding
The instruction that any user input should be treated as a request to generate or score titles is an overly broad activation rule that can hijack unrelated conversations and send unintended content into the skill workflow. In context, that means arbitrary user text could be interpreted as query material, transmitted to the external API, and written to disk without a clear trigger or user intent.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
In debug mode, the script prints the entire headers dictionary to stderr, which includes the X-API-Key value. This can leak credentials into terminal history, logs, orchestrator traces, or user-visible agent output, enabling unauthorized reuse of the API key against the external service.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.