Security audit

Interior Fullplan

Security checks across malware telemetry and agentic risk

Overview

This is a local interior-design document generator with a valid filename-safety issue, but no evidence of hidden access, networking, credential use, or malicious behavior.

Reasonable to install if you want a local Chinese-oriented interior-design Markdown generator. Use simple project names without slashes, '..', or absolute paths, and check for an existing Desktop file with the same name before running. Treat the embedded design and construction norms as planning assistance, not a substitute for local code compliance or professional review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tainted flow: 'output_path' from input (line 357, user input) → open (file write)

Medium

Category: Data Flow
Content: ) output_path = os.path.join(os.path.expanduser("~/Desktop"), f"{project}_全案方案.md") with open(output_path, "w", encoding="utf-8") as f: f.write(content) print(f"✓ 全案方案已生成: {output_path}")
Confidence: 94% confidence
Finding: with open(output_path, "w", encoding="utf-8") as f:

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal