Back to skill

Security audit

Windows剪贴板管理器

Security checks across malware telemetry and agentic risk

Overview

This clipboard-management skill asks for sensitive clipboard access, but the reviewed artifacts disclose that purpose and do not show hidden collection, network exfiltration, or persistence.

Install only if you want the agent to handle clipboard contents. Avoid using history or monitoring while copying passwords, API keys, financial data, or private messages; stop monitoring promptly and install the listed Python packages from a trusted environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill includes continuous clipboard monitoring code without any visible privacy notice, consent flow, retention policy, or scoping controls. Clipboard contents often contain passwords, tokens, personal data, or confidential business information, so silent monitoring can expose sensitive data even if the author likely intended a utility feature rather than surveillance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.