Cjl Autoresearch Cc

Security checks across malware telemetry and agentic risk

Overview

This text-improvement skill can edit local prompts, skills, or plugins after confirmation, but its behavior is disclosed and no hidden or malicious activity was found.

Install only if you want an agent to iteratively edit selected text artifacts. Use explicit paths, decline confirmation if it activates on a casual request, and review changes carefully before continuing long runs, especially for installed skills or plugins.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The semantic triggers are broad everyday phrases like 'help me optimize this skill' and 'make the article smoother,' which can cause the skill to activate unintentionally in normal conversation. In an agentic environment, unintended invocation can lead to unexpected analysis or file-changing behavior, especially when the skill also describes iterative mutation and saving output.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states that optimized content is saved to disk but does not clearly warn users up front that files may be modified. If users trigger the skill expecting analysis only, silent or poorly signposted writes can overwrite important prompts, skills, or documentation and create integrity and change-management risks.

Vague Triggers

High
Confidence
95% confidence
Finding
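The semantic trigger phrases are too broad, for example "help me optimize this skill", "this prompt isn't very good", and "make the article smoother". They overlap easily with ordinary conversation, so the skill can be triggered unintentionally when the user has not explicitly authorized it. For a capability that automatically enters an optimization loop, generates modification suggestions, and even processes local skill/plugin paths, such accidental triggering widens the operational surface and can cause unintended content modification, processing of the wrong context, or mistaken operations on sensitive files.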

Vague Triggers

Medium
Confidence
89% confidence
Finding
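The mode-recognition rules describe only positive examples of triggers and do not clearly define exclusion conditions, priorities, or conflict handling, so the same input can easily be misclassified as Skill, Plugin, Prompt, Article, Workflow, or System mode. Choosing the wrong mode changes the subsequent checklist, test cases, and modification strategy, and in an automatic-optimization scenario may result in unsuitable mutation and save operations being performed on the wrong object.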

Vague Triggers

High
Confidence
95% confidence
Finding
The semantic triggers are broad enough to activate on many ordinary requests to 'improve' or 'polish' content, which can cause this skill to intercept tasks outside its intended scope. In an agent environment, overbroad activation can misroute user intent, override more appropriate skills, and lead to unintended mutation/testing loops on arbitrary content.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The keyword/trigger logic includes generic terms like optimize, improve, refine, and enhance, which are common across many unrelated requests and are not unique to this skill. This increases the chance of accidental activation and inappropriate handling of tasks, especially because the skill then initiates a complex optimization workflow with persistent loop behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
