Security audit

36氪AI测评 - 36kr AI Notes

Security checks across malware telemetry and agentic risk

Overview

This is a read-only 36kr AI-notes lookup skill, with minor disclosed cross-promotion but no evidence of hidden access, credential use, persistence, or automatic installation.

Reasonable to install if you want a read-only 36kr AI review-note viewer. Treat returned titles, links, images, and summaries as third-party content, and only install the suggested related skills if you explicitly want them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill's stated purpose is fetching and displaying AI notes, but the documentation adds mandatory post-execution promotion and installation guidance for unrelated skills. This expands the agent's behavior beyond user intent and can be abused to steer users toward unrequested actions or additional capability installation.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The documentation instructs the agent to inspect the environment for installed skills, which is not necessary to fulfill the core function of retrieving AI notes. Unneeded environment inspection increases privacy and capability exposure and creates a precedent for unrelated enumeration of the user's setup.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.