Everything 文件搜索

Security checks across malware telemetry and agentic risk

Overview

This local file search skill appears to support user-triggered file transfer, but the file-reading/export path is broad and not clearly scoped or warned about.

Review before installing. Use it only if you are comfortable with the skill reading and returning the full contents of files found by search. Avoid using it on directories containing secrets, credentials, private documents, or work data unless the skill adds explicit confirmation, path/type allowlists, and clear warnings before any file is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The skill's stated purpose is local file search, but it also reads matched files and returns their full contents as base64. That materially expands the capability from discovery to exfiltration, which can expose sensitive local data without that behavior being clearly justified by the declared functionality.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The code opens any selected file path, reads its bytes, and packages the contents for return. Because search results can include arbitrary local files, this creates a direct arbitrary local file extraction path unrelated to the narrow search use case.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly supports sending local files but provides no warning about privacy, confidentiality, or data disclosure risks. In a local file search context, this is dangerous because users may unknowingly transmit sensitive documents, credentials, keys, or personal data discovered by the search function.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill offers a natural-language command to send files but does not present an explicit warning that the file's contents will be exposed outside the local machine/session context. This increases the chance of accidental disclosure of confidential documents by users who may think they are only referencing a file, not transmitting its contents.

Ssd 3

Severity: High
Confidence: 98%
Finding
The result message explicitly instructs the user to use a plain-language command to send a selected file, making sensitive local data disclosure an intended workflow. In an agent skill context, plain-language triggers lower the barrier to exfiltration because the action is easy to invoke and appears as a normal supported command.

Ssd 3

Severity: High
Confidence: 99%
Finding
The handler accepts a natural-language '发送 [序号]' command (i.e. 'send [index]') and directly routes it to file reading and return. This creates a simple, user-facing arbitrary local file disclosure path once any matching file appears in search results, which is especially risky in an agent environment handling untrusted or ambiguous prompts.

VirusTotal

66/66 vendors flagged this skill as clean.