AI助手自动求助技能

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises in part, but it can automatically send user context to outside AI services through logged-in accounts and retain the results without clear consent controls.

Install only if you are comfortable with the agent sharing task details with named third-party AI providers and potentially using existing browser sessions for those services. Before use, require confirmation of the exact prompt, remove secrets and private business or personal data, avoid automatic cookie/session use unless intentionally approved, and review any external AI plan before letting the agent act on it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (9)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs automatic login via cookie checks and use of the user's third-party AI account, expanding behavior from asking an external AI into accessing authenticated sessions. This creates credential/session misuse risk and could cause the agent to act within user accounts without explicit, scoped consent.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The instruction to save third-party AI replies to memory has no retention limit, sensitivity filter, or purpose restriction. Because prompts may include user data and external replies may echo or transform that data, this creates unnecessary persistence of potentially sensitive information.

Intent-Code Divergence

Medium

Confidence: 89% confidence
Finding: The skill presents itself as only consulting external AI for a plan, but later mandates executing the returned plan. That mismatch weakens user expectations and oversight, increasing the chance that untrusted third-party instructions are acted upon automatically.

Vague Triggers

High

Confidence: 97% confidence
Finding: The trigger phrases and auto-trigger conditions are broad and ambiguous, including ordinary uncertainty and partial confidence states. This makes unintentional invocation likely, which is especially risky because invocation causes data to be sent to third-party AI services.

Vague Triggers

High

Confidence: 96% confidence
Finding: The auto-trigger table includes fuzzy cases such as user questioning, needing manual steps, or confidence below 50%, without meaningful boundaries. In context, these conditions can silently escalate many benign interactions into external data sharing and account access flows.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill requires sending user questions to external AI services and later storing responses, but provides no disclosure, consent mechanism, or data handling limitations. This creates a direct privacy and data transfer risk, particularly if user prompts contain sensitive or regulated information.

Missing User Warnings

High

Confidence: 98% confidence
Finding: Encouraging automatic login and cookie checking without warnings or safeguards invites the agent to access browser session material and authenticated services beyond the user's clear request. This can expose tokens, cookies, or active sessions and enable unintended actions under the user's identity.

Ssd 3

Medium

Confidence: 97% confidence
Finding: The prompt template tells the agent to package user background, attempted solutions, and current blockers into prompts sent to external AI systems, and the skill also requires preserving replies. This creates a natural-language exfiltration channel where sensitive user information may be disclosed to third parties and then retained.

Ssd 3

Medium

Confidence: 97% confidence
Finding: A blanket rule to save all AI replies to memory creates open-ended retention of potentially sensitive information derived from user prompts or third-party outputs. Even if the initial query seems harmless, broad retention increases the blast radius of later compromise or misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal