sx-security-audit

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local security-audit skill with optional Feishu report sharing; its sensitive access is expected for its purpose, but reports should be treated as confidential.

Install only if you want a local audit tool to inspect sensitive configuration, environment, shell, Git, dependency, and network-port information. Prefer targeted checks with --check when you do not need a full audit, review generated reports before sharing, and use the Feishu sender only after confirming the webhook or plugin destination and redacting sensitive details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill describes capabilities to read environment variables, scan files, write reports, execute shell commands, and make network requests, but it does not declare permissions or present clear consent boundaries for those sensitive operations. This creates a transparency and sandboxing problem: users and the platform may authorize the skill without understanding that it can access secrets and exfiltrate results.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill is presented as a local security audit tool, but the documentation also includes sending audit reports to Feishu via plugin APIs or webhooks. Because the audit scope includes environment variables, config files, git diffs, and secret detection, this mismatch can lead to sensitive findings being transmitted to external services without users fully appreciating that risk.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
This script reads the full security audit report and transmits its contents to externally configured Feishu/OpenClaw endpoints, which can expose sensitive findings, environment details, paths, and remediation data outside the local audit boundary. In a security-audit skill, reports often contain confidential information, so outbound delivery is a real data-exfiltration risk unless it is explicitly user-consented, narrowly scoped, and documented.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly states that the skill scans environment variables and can send reports to Feishu, yet it lacks a prominent privacy warning or explicit disclosure that secrets and system metadata may be collected and transmitted. In a security-audit context this is especially dangerous because the scanned data is likely to include credentials, tokens, configuration secrets, and internal network details.

VirusTotal

43/43 vendors flagged this skill as clean.

View on VirusTotal