英语打卡 (English Study Check-In: daily learning, daily practice)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed English study check-in helper; its main risk is that it must be pointed only at a trusted learning-checkin script.

Install this only if you also trust the separate learning-checkin skill. Use an explicit path to the intended learning_checkin.py, avoid setting LEARNING_CHECKIN_PATH in untrusted shells or projects, and expect the skill to keep small local progress and quote-history files in its data directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        return None, "learning-checkin 未安装,请先安装 learning-checkin skill"
    
    try:
        result = subprocess.run(
            [sys.executable, str(script_path), "init"],
            capture_output=True,
            text=True,
Confidence
98% confidence
Finding
result = subprocess.run( [sys.executable, str(script_path), "init"], capture_output=True, text=True, encoding='utf-8', timeout=30

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        return None, "learning-checkin 未安装"
    
    try:
        result = subprocess.run(
            [sys.executable, str(script_path), command],
            capture_output=True,
            text=True,
Confidence
98% confidence
Finding
result = subprocess.run( [sys.executable, str(script_path), command], capture_output=True, text=True, encoding='utf-8', timeout=30

Tainted flow: 'script_path' from os.environ.get (line 79, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
        return None, "learning-checkin 未安装,请先安装 learning-checkin skill"
    
    try:
        result = subprocess.run(
            [sys.executable, str(script_path), "init"],
            capture_output=True,
            text=True,
Confidence
99% confidence
Finding
result = subprocess.run( [sys.executable, str(script_path), "init"], capture_output=True, text=True, encoding='utf-8', timeout=30

Tainted flow: 'script_path' from os.environ.get (line 79, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
        return None, "learning-checkin 未安装"
    
    try:
        result = subprocess.run(
            [sys.executable, str(script_path), command],
            capture_output=True,
            text=True,
Confidence
99% confidence
Finding
result = subprocess.run( [sys.executable, str(script_path), command], capture_output=True, text=True, encoding='utf-8', timeout=30

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The declared functionality is an English learning check-in tool, but the implementation can execute arbitrary external Python code from a user/environment-controlled path. This mismatch materially increases risk because users and reviewers may grant trust based on the benign description while the code has a much broader and more dangerous execution capability.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
These lines introduce a configurable script path via environment variable and command-line argument, enabling execution of an arbitrary Python program unrelated to the skill's stated role. In skill ecosystems, this is especially dangerous because environment and launcher parameters are often easier for other components or operators to influence than source code itself.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill repeatedly launches an external script for core operations such as init, checkin, status, and version, extending its capability beyond a simple check-in function. In context, this makes the skill an execution wrapper around another program, so compromise of that path or dependency compromises the whole skill.

VirusTotal

64/64 vendors flagged this skill as clean.