Back to skill

Security audit

mingxi-analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese structured-analysis skill with local helper scripts and disclosed local tracking, with no evidence of exfiltration, credential access, destructive actions, or hidden installation behavior.

Install this if you want a Chinese-language structured analysis framework. Be aware it may trigger on common Chinese words like “分析” or “评估,” and its judgment tracker stores local records under ~/.openclaw/judgment_tracker.db when used. Review or avoid the tracker script if you do not want persistent local analysis history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list is very broad, including generic terms like '分析', '诊断', '评估', and '复盘', which are common in ordinary conversations. This increases the chance of unintended activation, causing the skill to inject its workflow and constraints into unrelated tasks, potentially overriding user intent or causing inappropriate data handling in contexts where the framework was not requested.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The skill description is entirely Chinese and presents a fixed methodology without indicating that language should follow user preference. In multilingual environments, forcing a specific language can degrade transparency and consent, and may cause users to receive instructions or outputs they cannot adequately review, increasing the risk of misunderstanding or misuse.

Natural-Language Policy Violations

Low
Confidence
93% confidence
Finding
The workflow hardcodes a Chinese self-check phrase for TCR-E outputs: '这个结论的反面有没有可能成立?'. While not directly enabling code execution or data exfiltration, it imposes output in a language the user may not understand, reducing usability and auditability of the model's self-critique in sensitive analytical contexts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The TCR explicitly classifies '生成文档/表格/图片、操作文件、执行脚本' as routine tasks and instructs the agent to call the corresponding skill while '绕过所有分析纪律'. That means potentially system-impacting actions such as file operations and script execution can be routed without any safety review, confirmation, or warning, increasing the chance of harmful or unintended changes.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The template is written entirely in Chinese and describes a mandatory output format without offering any user-language choice or opt-in. In a general-purpose agent skill, this can cause the assistant to override or ignore the user's preferred language, reducing usability and potentially causing misunderstandings in high-stakes analysis or review contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.