Back to skill

Security audit

Manage quark-auto-save(QAS, 夸克自动转存, 夸克转存, 夸克订阅) tasks via CLI.

Security checks across malware telemetry and agentic risk

Overview

The skill matches its stated QAS management purpose, but it gives an agent remote task/configuration and cloud-file mutation authority with broad activation and no confirmation safeguards.

Install only if you trust the QAS endpoint and token handling. Treat this as a powerful remote-control skill: ask the agent to confirm before adding, running, deleting, renaming, or updating tasks/files/config, and avoid using it with broad or untrusted prompts that merely contain Quark share links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger guidance says that when a user sends a pan.quark.cn link, the agent should fetch details and add a task, which is broad enough to activate on casual link sharing rather than a clear management request. This can cause unintended remote operations against the user's configured service and may process links the user did not intend to subscribe to.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes destructive operations such as delete-file, delete-task, update-task, and update-config without any warning or confirmation requirement. If invoked accidentally or through over-broad routing, these commands could delete cloud files or alter task state irreversibly.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill requires a user token and a base URL for a remote service but does not clearly warn that user content, task metadata, and authentication material are involved in remote API calls. This omission increases the risk of users exposing sensitive links or misconfiguring a non-local endpoint without understanding the privacy implications.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The delete-file command performs a destructive remote deletion immediately with no confirmation prompt, dry-run mode, or explicit safety guard. In an agent/automation context, a mistaken path, prompt-injected instruction, or malformed upstream input could cause irreversible cloud data loss.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The delete-task command rewrites the full remote task list and removes matching tasks without requiring user confirmation or showing the exact pending change. In an automated agent setting, accidental invocation or crafted input could silently delete scheduled tasks and disrupt automation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.