Security audit

Advanced Mathematics Multimodal Intelligent Grading Skill (高等数学多模态智能批改Skill)

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for AI-assisted calculus grading, but it can send and cache student work through external OCR/LLM services without clear privacy, consent, or retention boundaries.

Review before using this with real student work. Use only with approved OCR/LLM providers, avoid identifiable submissions where possible, and define consent, retention, deletion, access control, and cache handling before classroom or institutional deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly processes student submissions, including handwritten images, proof text, OCR output, and sends content to external OCR/LLM services, but provides no warning, consent flow, data handling limits, or privacy disclosure. In an educational context this can expose student personal data, academic records, and potentially sensitive handwritten content to third parties without informed user approval.

VirusTotal

64/64 vendors flagged this skill as clean.
