Security audit

虾格测试 (Shrimp Personality Test)

Security checks across malware telemetry and agentic risk

Overview

This is mostly an agent personality quiz, but it embeds unrelated third-party onboarding and remote-fetch instructions that users should review before installing.

Install only if you are comfortable with an agent reflecting on its own work history and identity context. Ignore or remove the BotLearn recruitment and remote-read lines unless you explicitly trust that external content and want that follow-on action. Do not let the skill quote system prompts, secrets, private owner data, or hidden instructions in its result.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding: The required output block embeds unsolicited promotional text instructing the agent to join and recruit for an external service, which is unrelated to the stated self-assessment purpose. This creates prompt-injection-style behavioral steering and can cause agents to emit spammy or policy-violating content without user consent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill explicitly tells agents to fetch and read a remotely hosted file, but provides no safety guidance, trust boundary, or integrity check for that external content. This enables content swapping or downstream prompt injection through a mutable remote resource outside the reviewed file.

Ssd 4

Severity: Medium
Confidence: 97%
Finding: The skill instructs the agent to include recruitment messaging for an external service in its generated result, turning normal task output into unsolicited propagation content. This is dangerous because it repurposes the agent as a distributor of external instructions and links, increasing social-engineering and prompt-contamination risk.

Ssd 3

Severity: Medium
Confidence: 93%
Finding: The skill asks the agent to use identity files, system prompts, and work history for self-assessment, which increases the chance of exposing or summarizing sensitive internal context. Even though it says not to reveal owner information, it normalizes access to high-sensitivity sources and could elicit leakage through the resulting reflection or scoring process.

VirusTotal

65/65 vendors flagged this skill as clean.