Security audit

公众号内容聚合

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is purpose-aligned for summarizing WeChat public-account content, but users should understand its external search, remembered preferences, daily pushes, and optional Feishu saves.

Before installing, make sure you are comfortable with public-account names or links being searched through Baidu, keyword preferences being remembered, daily push behavior, and confirmed exports to a Feishu table. Use limited Feishu permissions and confirm the destination before saving records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium (89% confidence)

Finding
The trigger phrase set includes very generic natural-language commands such as '帮我关注公众号' and '整理公众号', which can overlap with ordinary conversation and unintentionally invoke the skill. Because this skill performs external search, content aggregation, and potential storage to Feishu, accidental activation could cause unintended data retrieval or workflow execution.

Missing User Warnings

Medium (92% confidence)

Finding
The README markets the skill as zero-cost and convenient but does not clearly warn users that input data and queried content may be sent to third-party services such as Baidu, Feishu, and an AI processing component. This creates a transparency and privacy risk because users may provide account names, links, preferences, or content without understanding where that data is transmitted or stored.

Vague Triggers

Medium (88% confidence)

Finding
The trigger phrase "帮我关注公众号" is broad enough to match ordinary conversational requests about public accounts, which can cause the skill to activate unexpectedly. In this skill, unexpected activation matters because it can lead to web searches, memory writes, and eventual storage to Feishu, creating unintended data handling and action execution beyond the user's actual intent.

Missing User Warnings

Medium (94% confidence)

Finding
The skill records user keyword preferences into memory but does not clearly disclose persistence, retention, or how the data will be used. Because the same skill also performs scheduled pushes and can write to Feishu, silent preference storage increases privacy risk and can result in users being tracked or profiled without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.