Security audit

高等数学智能作业布置Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent education workflow skill, but users should handle student data and notifications carefully.

Install only if you are authorized to access the student records and class channels involved. Before using it with real learners, set clear limits for what student data may be analyzed, confirm the target class or recipient list before reminders are sent, avoid exposing grades or sensitive details in messages, and follow your institution's privacy and retention rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The skill explicitly analyzes student profiles and schedules assignment releases/reminders, which implies processing student performance data and class identifiers, but it provides no privacy, consent, retention, access-control, or notification-safety guidance. In an educational context this can expose sensitive student data, enable unauthorized profiling, or cause unintended messaging if integrated carelessly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal