quicker-connector

Security checks across malware telemetry and agentic risk

Overview

The skill is a real Quicker automation connector, but it can auto-run local or remote actions and has under-disclosed credential and network behavior.

Review this carefully before installing. Use it only if you are comfortable letting an agent invoke Quicker actions on your Windows machine. Avoid configuring push_user/push_code unless you intentionally need remote Quicker execution, protect config.json, and require manual confirmation before any action execution or file export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (28)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
cmd.append(action_cmd)

            if wait_for_result:
                process = subprocess.Popen(
                    cmd,
                    stdout=subprocess.PIPE,
                    stderr=subprocess.PIPE,
Confidence
95% confidence
Finding
process = subprocess.Popen( cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True,

subprocess module call

Medium
Category
Dangerous Code Execution
Content
exit_code=exit_code
                )
            else:
                subprocess.Popen(
                    cmd,
                    shell=True,
                    creationflags=subprocess.DETACHED_PROCESS
Confidence
98% confidence
Finding
subprocess.Popen( cmd, shell=True, creationflags=subprocess.DETACHED_PROCESS )

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The initialization flow collects and persists Quicker cloud push credentials in config.json even though the skill description emphasizes local CSV/database integration. Storing service credentials on disk expands the skill's privilege scope and creates unnecessary exposure if the config file is read by other local users, backed up insecurely, or later used by other code paths to trigger remote actions.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Prompting the user for Quicker cloud push credentials introduces a capability beyond the stated purpose of reading and searching local action lists. In a connector that can also execute actions, these credentials could enable remote triggering through Quicker's cloud service, increasing the blast radius if the skill is modified, compromised, or misunderstood by users.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill metadata emphasizes local Quicker integration, but the implementation also supports remote cloud-triggered action execution. This capability expansion is security-relevant because it changes the trust boundary, enabling off-host execution triggers and transmission of credentials/data to an external service that a user may not expect from the manifest description.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The file contains network functionality that can remotely trigger actions through an external HTTPS endpoint, which materially increases attack surface beyond simple local indexing/search. In an automation skill, remote execution is a sensitive capability and should be tightly justified, disclosed, and constrained.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The method presents the user with a choice of actions but never actually collects input; it always selects the top-scoring match. In a skill whose purpose is to invoke local automation actions, this mismatch can cause unintended execution of the wrong action, especially when action matching is based on imperfect natural-language relevance scores.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation explicitly states that actions may be auto-executed when the top match score exceeds a threshold, without requiring user confirmation. In a skill that bridges natural-language input to local Windows automation actions, this creates a real risk of unintended system changes or dangerous action execution due to misclassification or prompt ambiguity.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The report explicitly describes a natural-language trigger using broad keywords such as '快速' and similar variants, which can collide with normal conversation and cause the skill to activate when the user did not intend to invoke Quicker automation. In this skill's context, accidental activation is more concerning because the connector can search and execute local Quicker actions, so misfires may lead to unintended automation on the host.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The planned step to '补充更多触发词' expands activation surface without any stated scope controls, negative examples, or collision testing. For an automation skill tied to local execution, broadening ambiguous trigger coverage increases the chance of unintended invocation and therefore unintended action execution or user confusion.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The instructions recommend overwriting live SKILL.md and skill.json files and restarting the gateway, but they do not prominently warn about production impact, configuration drift, backup requirements, or rollback validation. In a live agent environment, this can cause unexpected behavior changes, broaden permissions, or enable altered triggering/execution logic without adequate operator review.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly markets action execution and natural-language matching, but it does not prominently warn that matched actions may trigger real local automation with side effects such as launching programs, sending keystrokes, or invoking external tools. In a skill whose core purpose is executing local Quicker actions, missing safety guidance increases the chance of unintended or overly broad automation being run by users or agents.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README explicitly advertises 'Precise Execution' and the configuration includes an 'auto_select_threshold' for auto-execution, but it does not clearly warn that matched Quicker actions may trigger local automation, keystrokes, programs, or other system-affecting behavior. In this skill context, that omission is significant because the connector is designed to bridge natural-language requests to execution of local actions, increasing the chance of unintended or unsafe automation if users do not understand the risk.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The README promotes one-click JSON export of the complete action list without warning that exported data may contain sensitive action names, descriptions, URIs, application paths, panel organization, or other workflow metadata. In this skill, the exported inventory can reveal local tooling and automation capabilities, which creates privacy and integrity concerns if the file is shared, stored insecurely, or consumed by other tools without validation.

Vague Triggers

High
Confidence
88% confidence
Finding
The trigger list includes broad terms such as 'quick', '快速', and regex-style phrases that can match ordinary conversation, making accidental activation likely. In this skill's context, accidental activation is more dangerous because the skill can search for and execute local automation actions, potentially causing unintended system changes.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Examples like '帮我翻译这段文字' are generic user requests that do not explicitly mention Quicker, which teaches the model to route normal assistant tasks into this automation skill. That ambiguity increases the chance the skill will intercept unrelated requests and trigger automation when the user expected a normal conversational response.

Vague Triggers

High
Confidence
97% confidence
Finding
The trigger list includes overly broad everyday terms such as "quick", "快速", and regexes like "用.*quicker" / "quicker.*帮我", which can match normal user requests unrelated to explicit tool invocation. Because this skill can progress from matching to local action execution via QuickerStarter, accidental activation materially increases the chance of unintended automation being launched.

Vague Triggers

High
Confidence
94% confidence
Finding
The examples normalize broad requests like "帮我翻译这段文字" as valid activation paths even though they do not explicitly mention Quicker. In an agent environment, this teaches the model to route generic assistance requests into a skill that can execute local automations, creating a realistic risk of unintended tool use.

Vague Triggers

High
Confidence
92% confidence
Finding
The trigger examples section includes generalized help phrasing that lacks a strict invocation boundary, reinforcing permissive matching behavior. In context, this is dangerous because the skill is not read-only: it supports executing actions, so loose examples can increase accidental or socially engineered activation.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The natural-language trigger list includes very broad Chinese terms such as '快速' and generic regexes like '用.*quicker', which can match ordinary user requests and invoke this skill unexpectedly. In this skill, unintended invocation is more dangerous because it has subprocess execution and file write capabilities, so accidental routing could lead to local action execution or data changes the user did not mean to authorize.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The example '帮我翻译这段文字' is generic and demonstrates invocation without naming Quicker, reinforcing ambiguous triggering behavior. Because this skill can select and execute local automation actions, generic invocation examples increase the chance that routine requests are misrouted into a powerful local automation path.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The manifest advertises executing local Quicker actions, reading databases/CSV files, and writing files, but provides no user-facing warning that these operations can affect the local system or user data. In context, this omission is significant because Quicker actions may encapsulate arbitrary automation behavior, making the impact of execution broader than a simple read-only integration.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The export capability accepts a user-specified output path and has file-system-write permission, but the manifest does not warn about creating or overwriting local files. While lower impact than code execution, this can still cause unintended data loss or writes to sensitive locations if the path is mis-specified or manipulated.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The remote push path sends account email, verification code, action name, and optional data to a cloud endpoint without any user-facing warning or consent flow in this file. That creates both credential-exposure and remote-action risks, especially if sensitive data is included in data or if the API is invoked unexpectedly by higher-level agent logic.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The local execution path can start arbitrary Quicker actions and optionally pass parameters, yet there is no confirmation, policy check, or allowlist. In an agent skill, this is dangerous because natural-language requests can be translated into automation actions that may launch programs, alter files, or perform other sensitive operations on the host.

VirusTotal

67/67 vendors flagged this skill as clean.
