Security audit

Wanxiang Scroll Interactive

Security checks across malware telemetry and agentic risk

Overview

This appears to be a writing guidance skill, with only a minor risk that broad trigger phrases could activate it unexpectedly.

Install this as a benign writing-assistance skill. Be aware that broad Chinese writing phrases may cause it to activate for general writing requests; prefer explicit invocation if your agent supports it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list includes broad phrases such as “深入浅出” and “知识写作”, which can easily appear in normal user requests unrelated to this specific skill. In an agent system, overly generic activation phrases can cause unintended routing or invocation, leading to prompt/skill confusion and unexpected behavior, though the content here is instructional rather than directly harmful.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.