Back to skill

Security audit

Zhihu Writer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent writing-assistant skill that fetches public trend data and may save generated drafts locally, with no evidence of malware, credential use, exfiltration, or destructive behavior.

Install only if you want a Chinese Zhihu/Yanyan writing workflow. Before using archive steps, confirm the destination path and filenames so drafts are not saved unexpectedly, and review any persona/account details or publishing advice before posting under your own name.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases for topic selection are broad enough to match ordinary writing-assistance requests, which can cause the skill to activate unexpectedly outside the user's intended context. In an agent environment, ambiguous activation can redirect benign requests into network-fetching, trend-chasing, or publishing-oriented behavior without clear user consent.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The short-story generation triggers are generic creative-writing requests, so the skill may intercept normal storytelling prompts that were not meant to invoke this specialized workflow. That increases the chance of unintended behavior, including steering users toward monetization, platform-specific content shaping, and file persistence flows.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The dual-track workflow trigger is ambiguous because it overlaps with ordinary requests about current topics and adaptation ideas while bundling two different content-production paths. This can lead to overbroad activation and unexpected execution of a more complex workflow than the user intended.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs saving output to a local filesystem path without warning the user that files may be created or modified. In an agent setting, silent persistence can expose private content, clutter user storage, or overwrite existing notes if filenames collide.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This introduces an additional archive path for drafts, expanding the amount of content that may be silently persisted on the local machine. Because the content includes creative drafts and metadata, unintended writes can create privacy, retention, and data-management risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The archive rules formalize persistent storage locations, naming conventions, and templates, which increases the likelihood of automatic local file creation without informed consent. Structured persistence also raises the risk of accumulating sensitive writing history and status metadata over time.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.