Back to skill

Security audit

文游剧本生成系统

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent game-writing purpose, but its Word-export workflow appears to run a shell command using a user-controlled title, which could let a malformed title run unintended commands.

Review before installing. It appears intended to create text-game content and save a Word document, with no evidence of exfiltration or destructive behavior, but the export command should be fixed to sanitize the title and avoid shell interpolation; only use it with explicit export requests and benign titles until then.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill instructs the agent to read a local file (`references/templates.md`) and claims no declared permissions, which creates a capability/permission mismatch. Even if the file is intended to be internal to the skill, undeclared file-read behavior weakens reviewability and can normalize broader filesystem access patterns in an agent runtime.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases are broad enough to match common, benign user requests like '生成文字游戏' or '导出Word剧本', increasing the chance the skill auto-activates unexpectedly. In an agent environment, overbroad activation can cause unintended file operations, prompt hijacking of unrelated tasks, or unnecessary access to local resources.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The template corpus is written entirely in Chinese and does not indicate any user-language detection or opt-in behavior, which can cause unintended language forcing when the skill is invoked by users expecting another language. This is mainly a safety and usability policy issue rather than a direct security exploit, but it can still lead to misleading outputs and degraded user control.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The templates define very generic progression commands such as '继续', '下一月', '下周', and '重开', which are common phrases in ordinary conversation. In an agent environment, overly broad triggers can cause accidental state transitions or unintended skill activation during unrelated dialogue, reducing user control and increasing the chance of prompt/flow hijacking within the skill context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.