B站视频下载与解析

Security checks across malware telemetry and agentic risk

Overview

The skill shows a limited local-download workflow concern, but no evidence of deception, exfiltration, destructive behavior, or high-impact hidden authority.

Install only if you are comfortable with the agent downloading remote content you provide and creating local workspace files. Prefer explicit prompts, review where files will be stored, avoid untrusted or oversized links, and clean up retained files when they are no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs the agent to download remote content and write it into the workspace without explicit user confirmation or a warning that local files will be created and retained. This can lead to unexpected disk usage, persistence of untrusted media, and unsafe handling of attacker-controlled content in a shared or sensitive workspace.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal