Security audit
Huoshan Qifu Knowledge Router
Security checks across malware telemetry and agentic risk
Overview
The skill is a read-only Feishu knowledge router with clear scope, user-based authorization, and no executable installer or mutation behavior.
Install only if you expect the agent to query the specified Feishu Bitable catalog and, when needed, read Feishu documents using your own account permissions. Review requested OAuth scopes before authorizing; the artifact directs read-only access and prohibits edits, sharing, comments, credential exposure, and broad domain scope requests.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.