用来帮你写周报把图文周报变成漂亮图片的skill--当前版本是苹果的风格

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward weekly-report card generator with expected local HTML and screenshot output behavior.

Before installing, understand that this skill creates local card files and may render them with Chrome and external style/font resources. Use it with report text and images you are comfortable saving locally, and ask for local-only CSS/fonts if network-free rendering matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs saving generated HTML to a specific path in the user's home workspace without clearly warning the user that a local file will be created. Implicit file writes can surprise users, overwrite existing content, or leave behind sensitive work summaries on disk in a predictable location.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill directs execution of a headless Chrome screenshot command on the local machine without an explicit user-facing warning or consent flow. Local command execution increases risk because it interacts with installed software and local files, and the generated HTML may load external resources such as CDNs or fonts when rendered.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal