Security audit

Windows剪贴板管理器

Security checks across malware telemetry and agentic risk

Overview

This clipboard-management skill asks for sensitive clipboard access, but the reviewed artifacts disclose that purpose and do not show hidden collection, network exfiltration, or persistence.

Install only if you want the agent to handle clipboard contents. Avoid using history or monitoring while copying passwords, API keys, financial data, or private messages; stop monitoring promptly and install the listed Python packages from a trusted environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill includes continuous clipboard monitoring code without any visible privacy notice, consent flow, retention policy, or scoping controls. Clipboard contents often contain passwords, tokens, personal data, or confidential business information, so silent monitoring can expose sensitive data even if the author likely intended a utility feature rather than surveillance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.