Security audit

AI开发者发布助手

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real release-content helper, but users should review it because it can send project information and publishing assets to several external services, including an under-disclosed Feishu notification channel.

Review workflow.json before installing. Use it only for public or non-sensitive projects, disable Feishu notifications unless intended, use least-privilege Brave/WeChat credentials, and manually review generated articles and images before any WeChat upload or publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Low
Confidence: 77%
Finding: The README states that the tool will automatically fetch repository metadata from a GitHub URL, but it does not clearly warn users that this causes outbound network access and transmits user-supplied repository information to external services. In a skill chaining multiple third-party components, weak disclosure can lead to unintentional data exposure, especially if users provide internal, private, or sensitive repository links by mistake.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: The activation phrases are broad enough to match ordinary writing, product, and marketing requests, which can cause the skill to trigger when the user did not explicitly ask for this release workflow. Because the skill chains external search, image generation, and WeChat article tooling, over-broad activation increases the chance of unintended data sharing and surprising actions.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The workflow sends project details to multiple third-party services and states that images may be auto-uploaded for WeChat article generation, but the skill does not clearly warn users about this data flow up front. This can lead to unintentional disclosure of unreleased project information, repository details, or generated assets to external providers during normal use.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding: The skill is framed with broad activation language such as when the user wants to 'publish open source project', 'write release announcement', or 'do product introduction', but it defines no constraints, exclusions, or approval gates. In agent environments, overly broad invocation criteria can cause the workflow to run in unintended contexts, leading to unnecessary data sharing with third-party tools, generation of promotional content without sufficient user intent validation, or accidental processing of sensitive project details.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.