
Security audit

yanxue

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it needs review on two points: its save helper can write files outside the advertised folder, and its bundled example course plans contain content aimed at minors that should not be reused without review.

Install only after reviewing the save behavior. Use simple course names (no slashes, absolute paths, or ".."), verify where files are saved or exported, avoid storing unnecessary student details, install Python dependencies only from trusted sources, and review generated course plans for safety, neutrality, and age appropriateness before sharing them.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill advertises and documents local file read/write capabilities, including reading from reference directories and saving generated content to disk, but the metadata shown declares no permissions. This creates a transparency and governance gap: users and platforms cannot accurately assess or gate the skill's filesystem access, increasing the chance of unintended data access or persistence.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill states that generated plans can be automatically saved to /home/ubuntu/yanxue_courses/ but does not clearly warn users at the point of use that content will be written to local storage. Automatic persistence can expose sensitive educational or organizational data, create unexpected artifacts on disk, and surprise users who expected ephemeral processing.
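The page does not show the skill's save helper, so the following is an added example, not the skill's own code. It puts the failure mode the overview describes (a course name joined straight into /home/ubuntu/yanxue_courses/, so "../x" climbs out of the folder and "/tmp/x" replaces it) next to a hardened version that enforces the overview's guidance: an allow-list for the name plus a check that the resolved destination is a direct child of the base directory. SAFE_NAME, unsafe_plan_path, safe_plan_path, save_plan and the sample names are assumptions for illustration.

```python
import os
import re
from pathlib import Path

# Directory named in the finding above; everything else in this block is an added illustration.
BASE_DIR = Path("/home/ubuntu/yanxue_courses")

# Hypothetical allow-list for a course name: a word character followed by word characters,
# spaces, hyphens (Python's \w is Unicode-aware, so Chinese titles pass). No dots and no
# separators, so ".", "..", "a/b" and "/tmp/x" are rejected before any path is built.
SAFE_NAME = re.compile(r"^\w[\w \-]{0,63}$")


def unsafe_plan_path(course_name: str, base_dir: Path = BASE_DIR) -> Path:
    """The failure mode: the course name is joined into the base directory as-is.

    "../x" climbs out of base_dir, and an absolute name such as "/tmp/x" discards the
    left-hand operand entirely (os.path.join and pathlib both behave this way).
    Returns the resolved destination without writing anything.
    """
    return Path(os.path.join(base_dir, course_name + ".md")).resolve()


def escapes_base(dest: Path, base_dir: Path = BASE_DIR) -> bool:
    """True when dest is not a direct child of base_dir after '..' and symlink resolution."""
    return dest.resolve().parent != base_dir.resolve()


def is_safe_course_name(course_name) -> bool:
    return isinstance(course_name, str) and SAFE_NAME.fullmatch(course_name) is not None


def safe_plan_path(course_name: str, base_dir: Path = BASE_DIR) -> Path:
    """Hardened version: reject the name up front, then verify the resolved target anyway."""
    if not is_safe_course_name(course_name):
        raise ValueError(f"course name rejected: {course_name!r}")
    dest = (base_dir / f"{course_name}.md").resolve()
    # Belt and braces: the allow-list should make this unreachable, but a second check
    # protects against future edits to SAFE_NAME or a symlinked base directory.
    if escapes_base(dest, base_dir):
        raise ValueError(f"destination {dest} is outside {base_dir}")
    return dest


def rejects(course_name: str, base_dir: Path = BASE_DIR) -> bool:
    """Convenience wrapper: does the hardened helper refuse this name?"""
    try:
        safe_plan_path(course_name, base_dir)
    except ValueError:
        return True
    return False


def save_plan(course_name: str, content: str, base_dir: Path = BASE_DIR) -> Path:
    """Write a plan through the hardened path check; never silently overwrite a file."""
    dest = safe_plan_path(course_name, base_dir)
    base_dir.mkdir(parents=True, exist_ok=True)
    # O_EXCL makes an existing plan a hard error instead of a quiet overwrite.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(content)
    return dest


if __name__ == "__main__":
    # Constructed sample names: two legitimate titles and three traversal attempts.
    for name in ["第一课", "lesson 1", "../../etc/cron.d/job", "/tmp/evil", "a/b"]:
        naive = unsafe_plan_path(name)
        print(f"{name!r:26} naive -> {naive}  escapes={escapes_base(naive)}  hardened_rejects={rejects(name)}")
```

The allow-list does the real work; the post-resolution check is there so that a later relaxation of SAFE_NAME, or a base directory that is itself a symlink, still cannot turn a save into a write elsewhere. Note that "a/b" counts as an escape even though it stays under the tree: the advertised behavior is a flat folder, and silently creating subdirectories is exactly the kind of surprise the finding is about.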

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The document has minors taking part in several high-risk amusement activities, including high-altitude walks, rafting (漂流), slides (滑道), and ride bundles, but its safety guidance stays generic and omits concrete eligibility limits, supervision ratios, emergency procedures, medical contraindications, and consent requirements. In a school trip plan that gap can lead to foreseeable physical harm, because organizers may treat the document as their operational safety baseline.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding
The document explicitly frames the activity around compulsory endorsement of a specific political ideology and party loyalty for primary-school students, without any indication of neutrality, parental choice, or educational balance. In an educational content generation and management skill, this can lead to systematic production and distribution of coercive ideological material to minors, creating compliance, reputational, and child-safety concerns depending on deployment context.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.