content-collector
Fail
Audited by Snyk on Apr 1, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes a concrete Feishu app_token and shows embedding app_token/table_id directly in API calls/examples, which encourages the LLM to output secret values verbatim (high exfiltration risk).
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The package is high-risk: it is designed to proactively collect user-shared links/screenshots and upload full content into a remote Feishu workspace (includes hard-coded Feishu app/table IDs and a hard-coded parent folder ID, reads local/ENV user access tokens, and auto-uploads backups), and it explicitly instructs use of scraping/evasion (Scrapling "绕过反爬", i.e. "bypass anti-scraping") — all indicating privacy-invasive data exfiltration and potential centralized collection/backdoor usage; no obfuscated code, eval/remote shells, or dynamic code-exec patterns were found.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public social-media and web content (e.g., X/Twitter, mp.weixin.qq.com, Reddit and "generic" URLs) via extract_content.py and references/platforms.md routing to web-content-fetcher (Scrapling), defuddle and x-tweet-fetcher, and then feeds the extracted article text into LLM summarization/generate_tags.py and downstream actions (save_to_bitable.py), so untrusted third‑party content can influence model outputs and subsequent tool actions.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the full skill prompt for literal, high-entropy values that could grant access to services.
Flagged item:
- The example call in section 4.5 contains app_token="ND8ObCuSya5Dv3sREZYc03Ilngh". This is a high-entropy, alphanumeric literal used as an app token for Feishu bitable and appears to be a real credential (not a placeholder). It directly matches the "secret" definition (literal value that provides access to a service), so it should be treated as a hardcoded secret.
Ignored items and why:
- table_id="tblaHDM5kjtikIl9": This looks like a resource identifier rather than a secret credential. Identifiers alone typically do not grant access without a valid token, so I did not classify it as a secret.
- app_token="..." and other placeholders like "your_app_token", "your_app_token" in config examples and ellipses are documentation placeholders or redacted values — ignored per the rules.
- Other strings in the doc (e.g., example tags, simple example passwords, environment variable names) are low-entropy/documentation placeholders and therefore ignored.
Conclusion: there is one hardcoded secret-like value present (the Feishu app token in the example).
Issues (4)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).