Security audit

设计框架套件 - 确认处理器

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only Telegram/design workflow helper, but its generic reply triggers could cause accidental confirmation or regeneration in a chat.

Install only as part of the intended design-framework suite after reviewing the referenced sender skill and any external scripts under $SK. Prefer explicit commands or structured replies for confirm/regenerate, bind replies to the originating user/session, and keep the temporary-file cleanup limited to the suite's own /tmp files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The confirmation handler accepts very broad everyday phrases such as “好的”, “ok”, “可以”, and “行” as approval signals. In a group chat or threaded workflow, these common acknowledgements can easily appear without explicit intent to approve the pending design task, causing unintended progression into the image-generation flow.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: Using “重新” or an emoji like “🔄” as a regeneration trigger is ambiguous because these are common conversational responses and symbols. This can cause accidental regeneration, unnecessary compute usage, and state confusion, especially when the skill is activated merely by the presence of a shared lock file indicating a pending task.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.