Back to skill

Security audit

Gaokao Essay

Security checks across malware telemetry and agentic risk

Overview

The essay generator is mostly offline and purpose-matched, but it includes an undocumented generic helper that can persist user-supplied text and command history locally.

Review before installing. Use only the documented scripts/essay.sh workflow for essay generation, and avoid invoking scripts/script.sh with sensitive text unless you are comfortable with local files being written under ~/.local/share/gaokao-essay or GAOKAO_ESSAY_DIR. The publisher should either remove the generic helper or clearly document its commands, storage paths, retention, and deletion behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The script is presented as a gaokao essay-related tool, but its embedded help text describes a generic multi-purpose utility with broad commands like run, config, init, export, and remove. This mismatch is suspicious because it obscures the tool’s real purpose and can mislead users or reviewers into trusting and invoking functionality unrelated to the advertised skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persistently stores user-supplied content in data files and logs command arguments to a history file without any clear notice, consent, retention policy, or data minimization. In an agent skill context, this can capture sensitive prompts, search terms, or operational data and silently leave them on disk, increasing privacy and data exposure risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.