Security audit

Weibo Hot With Your Taste

Security checks across malware telemetry and agentic risk

Overview

The skill’s goal is coherent, but it asks the agent to store and reuse sensitive API secrets and Weibo session cookies locally and to run scheduled workflows with limited scoping guidance.

Review before installing. Use only dedicated, least-privilege LLM and Feishu credentials, consider a separate Weibo account, keep the env files out of shared workspaces and repositories, restrict file permissions, and review the GitHub scripts before enabling recurring no_agent jobs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger phrase list includes very broad everyday language such as “调研”, which can plausibly appear in normal conversation unrelated to this skill. In an agent environment, overly generic triggers can cause unintended activation and execution of workflows that read local files, call external scripts, or process prior pushed content without clear user intent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs collection and storage of sensitive credentials including LLM API keys, Feishu app secrets, and Weibo login cookies, but does not present a clear user-facing privacy warning, retention policy, or access boundary. This increases the risk that users supply high-value secrets without understanding where they are stored, who can read them, or how long they persist.

Credential Access

High
Category
Privilege Escalation
Content
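│   ├── fit_taste.py          # Adaptive preference-feature optimization: based on feedback and category changes, the LLM fully optimizes all seven settings in taste.yaml
│   ├── init/
│   │   ├── taste.py        # Preference initialization: configure domain keywords → configure liked/disliked topic types → configure recall keywords → preference interview → generate feature rules
│   │   ├── llm_feishu.py      # LLM/Feishu credential setup: writes .llm.env / .feishu.env
│   │   ├── weibo_get_qr.py     # Weibo login step 1: fetch the QR code, keep the browser running
│   │   └── weibo_wait_login.py  # Weibo login step 2: wait for the QR scan, save the cookie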
│   ├── env/
Confidence
93% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
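│   ├── fit_taste.py          # Adaptive preference-feature optimization: based on feedback and category changes, the LLM fully optimizes all seven settings in taste.yaml
│   ├── init/
│   │   ├── taste.py        # Preference initialization: configure domain keywords → configure liked/disliked topic types → configure recall keywords → preference interview → generate feature rules
│   │   ├── llm_feishu.py      # LLM/Feishu credential setup: writes .llm.env / .feishu.env
│   │   ├── weibo_get_qr.py     # Weibo login step 1: fetch the QR code, keep the browser running
│   │   └── weibo_wait_login.py  # Weibo login step 2: wait for the QR scan, save the cookie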
│   ├── env/
Confidence
93% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
│   │   ├── weibo_get_qr.py     # Weibo login step 1: fetch the QR code, keep the browser running
│   │   └── weibo_wait_login.py  # Weibo login step 2: wait for the QR scan, save the cookie
│   ├── env/
│   │   ├── .llm.env          # LLM configuration (llm_model / llm_base_url / llm_api_key)
│   │   ├── .llm.env.example
│   │   ├── .feishu.env       # Feishu app credentials
│   │   ├── .feishu.env.example
Confidence
94% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
│   ├── env/
│   │   ├── .llm.env          # LLM configuration (llm_model / llm_base_url / llm_api_key)
│   │   ├── .llm.env.example
│   │   ├── .feishu.env       # Feishu app credentials
│   │   ├── .feishu.env.example
│   │   ├── .weibo.env        # Weibo cookies (weibo_sub + weibo_cookies_json)
│   │   └── .weibo.env.example
Confidence
94% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
│   │   ├── .llm.env.example
│   │   ├── .feishu.env       # Feishu app credentials
│   │   ├── .feishu.env.example
│   │   ├── .weibo.env        # Weibo cookies (weibo_sub + weibo_cookies_json)
│   │   └── .weibo.env.example
│   ├── config/
│   │   ├── base.yaml         # Base configuration (LLM parameters, Feishu retry policy, summary supplement mode)
Confidence
96% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
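On first use, the agent should check whether these 3 files exist and ask for the configuration of each missing one in turn.

> **⚠️ Note for the agent**:
1. `.llm.env`, `.feishu.env` and `.weibo.env` are hidden files whose names begin with `.`. Glob matching in some tools (e.g. `search_files(pattern='.llm.env')`) has flawed support for hidden files and may return false negatives. **Confirm with `ls -la scripts/env/` or by directly `Read`ing the target path**; do not rely on glob search results alone.
2. Agent frameworks such as Hermes intercept keys that appear in plaintext in the terminal. **Do not echo/cat/paste keys directly in the terminal**; instead, write a Python script that reads the actual values from the Hermes configuration (`config.yaml`, environment variables) and then calls `write_file` to write them to `.llm.env` / `.feishu.env`, so that keys do not leak into the terminal history.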
Confidence
97% confidence
Finding
.env'

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.