Autogen

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only AutoGen helper; its risky code-execution examples are visible and purpose-related, but users should sandbox them carefully.

Install in a virtual environment, keep API keys out of code, prefer Docker or another restricted sandbox, and avoid human_input_mode="NEVER" or use_docker=False for untrusted tasks or sensitive projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
91% confidence
Finding
The example sets human_input_mode to NEVER and enables code execution, and use_docker=False means the code may run directly on the local host environment. Although this is a demonstration of framework functionality rather than directly malicious logic, the absence of an explicit risk notice lets users copy and paste it without fully understanding it, leading to execution of untrusted code generated or relayed by the LLM, with side effects on local files, the network, or system state.

Missing User Warnings

Medium
90% confidence
Finding
In the group chat example, the executor is configured with human_input_mode='NEVER' and executes code within a multi-agent autonomous collaboration flow. Even though Docker is used here, this can still result in file changes inside the container, resource consumption, exposure of sensitive data, or escalation to the host environment through an insecure container configuration. The skill content presents automatic execution as ordinary usage without emphasizing that it is a high-risk capability, which lowers users' vigilance about system side effects.

VirusTotal

66/66 vendors flagged this skill as clean.