
Security audit

中考真题检索 (Zhongkao past-paper search: retrieval of real senior-high-school entrance-exam papers)

Security checks across malware telemetry and agentic risk

Overview

This exam-paper search skill does what it claims, but its download and extraction workflow is too broad and too weakly protected to be installed automatically.

Review before installing. Use only a dedicated download folder, confirm each URL and output path, avoid social-media or cloud-drive sources unless necessary, scan downloaded files, extract archives in an isolated directory with path-traversal protection, keep TLS certificate and hostname verification enabled for every download, and do not upload anything to a knowledge base until verification succeeds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs use of network access, local file reads, downloads, and archive extraction, but does not declare permissions or clearly bound those capabilities. This creates a transparency and policy-enforcement gap: users or the host platform may not realize the skill can fetch untrusted content and write/extract it locally, increasing risk from malicious files or unsafe destinations.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases are very broad and overlap with ordinary educational queries such as exam prep, subject names, and regional study terms. This can cause unintended invocation of a skill that performs web searches, downloads files, and may extract archives, leading to actions on behalf of users who did not explicitly request file retrieval or local file operations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly downloads remote files and extracts ZIP/RAR archives without prominent warnings about file writes, path traversal during extraction (an archive member named with ".." or an absolute path, the "zip slip" pattern), overwrite behavior, or the danger of handling untrusted compressed content. Because the sources include low-trust sites and even social media, this substantially increases the chance of users retrieving malicious or misleading files, or writing unexpected files to the local system.
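What a guarded extraction step looks like for this finding, as an added example written for this audit page and not code from the skill itself. It handles ZIP only (the skill also extracts RAR, which the standard library cannot read), refuses members that would escape the destination directory or overwrite an existing file, caps the decompressed size of each member, and builds its own constructed sample archives; the file names inside them are invented for the demonstration.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path
from typing import List, Tuple


class UnsafeArchiveMember(ValueError):
    """Raised when an archive member would escape or overwrite the destination."""


def _is_within(base: Path, target: Path) -> bool:
    # Compare resolved absolute paths so ".." segments and a symlinked
    # destination cannot fool a plain string-prefix comparison.
    try:
        target.resolve().relative_to(base.resolve())
        return True
    except ValueError:
        return False


def safe_extract_zip(zip_bytes: bytes, dest_dir: str,
                     allow_overwrite: bool = False,
                     max_member_bytes: int = 50 * 1024 * 1024) -> List[str]:
    """Extract a ZIP into dest_dir and return the member names written.

    Rejects absolute paths, drive letters, ".." segments, members that resolve
    outside dest_dir, members larger than max_member_bytes, and (by default)
    members that would overwrite files already present.
    """
    base = Path(dest_dir)
    base.mkdir(parents=True, exist_ok=True)
    written: List[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Classic "zip slip" vectors: check the name before touching disk.
            if (name.startswith(("/", "\\"))
                    or os.path.splitdrive(name)[0]
                    or ".." in Path(name).parts):
                raise UnsafeArchiveMember(f"refusing member {name!r}")
            target = base / name
            if not _is_within(base, target):
                raise UnsafeArchiveMember(f"member {name!r} escapes {dest_dir}")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            # file_size is the declared decompressed size; reading stops there,
            # so an oversized declaration is caught before the write.
            if info.file_size > max_member_bytes:
                raise UnsafeArchiveMember(f"member {name!r} exceeds size cap")
            if target.exists() and not allow_overwrite:
                raise UnsafeArchiveMember(f"member {name!r} would overwrite an existing file")
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(name)
    return written


def build_demo_zip(malicious: bool) -> bytes:
    """Constructed sample archive for the demo (not a real exam paper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("papers/2023_math.txt", "sample paper contents")
        if malicious:
            # A member that tries to climb out of the download folder.
            zf.writestr("../../outside.txt", "escaped the download folder")
    return buf.getvalue()


def demo() -> Tuple[List[str], bool]:
    """Extract the clean archive, then confirm the traversal member is refused."""
    extracted = safe_extract_zip(build_demo_zip(malicious=False),
                                 tempfile.mkdtemp(prefix="downloads_"))
    try:
        safe_extract_zip(build_demo_zip(malicious=True),
                         tempfile.mkdtemp(prefix="downloads_"))
        rejected = False
    except UnsafeArchiveMember:
        rejected = True
    return extracted, rejected


if __name__ == "__main__":
    print(demo())
```

Each destination is a fresh directory, which is the "extract in an isolated directory" advice from the overview in code form; the size cap is per member, so an archive with thousands of small members still needs an overall byte budget if that matters for your host.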

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script explicitly disables TLS certificate and hostname verification for all HTTPS downloads, which allows a man-in-the-middle attacker to intercept or replace exam files in transit. In a download utility that fetches files from arbitrary URLs, this materially weakens transport security and can result in users receiving tampered or malicious content while believing it came from the intended site.
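The weak setting this finding describes beside its corrected form, as an added example written for this audit page rather than code taken from the skill. It also implements the overview's "dedicated download folder" and "confirm each URL and output path" checks. The host allowlist, the URL and the file names are assumptions made up for the demonstration; nothing here makes a network connection when run through demo().

```python
import ssl
import urllib.request
from pathlib import Path
from urllib.parse import urlparse

# Hypothetical allowlist; the skill's real sources are not listed on this page.
ALLOWED_HOSTS = frozenset({"exam-site.example"})


def insecure_context() -> ssl.SSLContext:
    """The anti-pattern from the finding: certificate and hostname checks off,
    so any on-path attacker can impersonate the download site."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Verify against the system trust store, check the hostname, TLS 1.2+."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def validate_url(url: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Accept only https:// URLs whose host is on the allowlist."""
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise ValueError("only https:// sources are accepted")
    if parsed.hostname not in allowed_hosts:
        raise ValueError(f"host {parsed.hostname!r} is not on the allowlist")
    return url


def resolve_output_path(download_dir: str, filename: str) -> Path:
    """Confine writes to the dedicated download folder: an untrusted filename
    with '..' segments or an absolute path must not escape it."""
    base = Path(download_dir).resolve()
    target = (base / filename).resolve()
    if target == base or base not in target.parents:
        raise ValueError(f"output path {filename!r} escapes {download_dir}")
    return target


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # A redirect could point at a host nobody vetted; fail instead of following.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def download(url: str, download_dir: str, filename: str,
             allowed_hosts=ALLOWED_HOSTS, max_bytes: int = 100 * 1024 * 1024,
             ctx: ssl.SSLContext = None) -> Path:
    """Fetch url into download_dir/filename with verification enforced."""
    ctx = ctx or hardened_context()
    if not context_is_hardened(ctx):
        raise ValueError("refusing to download with certificate verification disabled")
    validate_url(url, allowed_hosts)
    target = resolve_output_path(download_dir, filename)
    if target.exists():
        raise FileExistsError(f"{target} already exists; not overwriting")
    target.parent.mkdir(parents=True, exist_ok=True)
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx), _NoRedirect())
    total = 0
    with opener.open(url, timeout=30) as resp, open(target, "wb") as out:
        while chunk := resp.read(64 * 1024):
            total += len(chunk)
            if total > max_bytes:          # cap the body, not just the header
                raise ValueError("download exceeds size cap")
            out.write(chunk)
    return target


def demo() -> dict:
    """Offline checks: which contexts, URLs and paths the guards accept."""
    checks = {
        "insecure_ctx_hardened": context_is_hardened(insecure_context()),
        "default_ctx_hardened": context_is_hardened(hardened_context()),
        "good_path": resolve_output_path("downloads", "papers/2023_math.zip").name,
        "traversal_rejected": False, "http_rejected": False,
        "insecure_download_refused": False,
    }
    try:
        resolve_output_path("downloads", "../../etc/cron.d/evil")
    except ValueError:
        checks["traversal_rejected"] = True
    try:
        validate_url("http://exam-site.example/2023.zip")
    except ValueError:
        checks["http_rejected"] = True
    try:  # refused at the context guard, before any connection or file write
        download("https://exam-site.example/2023.zip", "downloads", "2023.zip",
                 ctx=insecure_context())
    except ValueError:
        checks["insecure_download_refused"] = True
    return checks
```

The guard in download() is the point: even if a caller reaches for the insecure context (for example to get past a site with a broken certificate), the downloader refuses rather than silently accepting a man-in-the-middle. Redirects are refused for the same reason, since the allowlist check only ran against the original URL.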

VirusTotal

0/63 vendors flagged this skill; all 63 reported it clean.


Static analysis

No suspicious patterns detected.