Auto Llm 4840

Security checks across malware telemetry and agentic risk

Overview

This skill is a rough, auto-generated Bilibili tutorial helper that may save the text it is invoked with locally, but I found no evidence of exfiltration, destructive behavior, credential access, or hidden installation.

Install only if you are comfortable with a skill that depends on a local Windows KnowledgeBase module and may save the text passed to it locally. Consider narrowing or disabling the "llm/agent" trigger if you often discuss LLMs or agents generally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 94%

Finding: The file advertises itself as an AI-agent-building tutorial, but its actual behavior is to modify a local KnowledgeBase by importing a module from a manually injected path and storing user-influenced content. This mismatch is dangerous because users or reviewers may approve or execute it under false assumptions, enabling unintended data writes and making malicious or unauthorized persistence easier to hide.

Vague Triggers

Severity: Medium
Confidence: 95%

Finding: The trigger phrase "llm/agent" is overly broad and likely to match many ordinary user requests about LLMs, agents, or general AI topics. This can cause the skill to activate unintentionally, hijack unrelated conversations, and route users into content they did not request, which is a genuine security and safety boundary issue for agent skill selection.

VirusTotal

58/58 vendors flagged this skill as clean.