Chinese Daily Report Generator

Security checks across malware telemetry and agentic risk

Overview

This is a local daily/weekly report-writing skill that clearly saves Markdown reports, with no evidence of hidden code, credentials, or external sharing.

Install this if you want the agent to create local daily or weekly Markdown reports. Avoid including secrets or highly confidential workplace details unless your workspace is protected, and ask the agent for a draft-only/no-save report when you do not want notes persisted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README explicitly says generated reports will be automatically saved to workspace paths, but it does not clearly warn users that invoking the skill causes file creation and persistence of potentially sensitive work notes. In a reporting skill, users may include confidential project details, personnel notes, deadlines, and incident information, so silent persistence increases the risk of unintended local data exposure or retention.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill states that reports are automatically saved to the filesystem without clearly warning the user or requiring explicit confirmation before writing. In an agent environment, silent file writes can create privacy, consent, and data-governance risks, especially because work reports may contain sensitive business information, personal notes, or internal project details.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal