Context-Inappropriate Capability
Medium
- Confidence
- 93% confidence
- Finding
- 技能指示在运行时执行 `pip install ebooklib beautifulsoup4`,这会修改执行环境并引入未固定版本的外部依赖。即使目的是处理 EPUB,这种动态安装也扩大了供应链和环境污染风险,并可能触发非预期的网络访问或安装恶意/被篡改的软件包。
Openclaw
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward book-reading and summarization helper, with disclosed dependency and CDN cautions but no evidence of hidden data access or harmful behavior.
Use this in a project folder or virtual environment if you let it install Python packages, and be aware that the generated HTML reader may fetch marked.js from a CDN when opened. Do not add API keys to the generated HTML; the skill explicitly says not to embed them.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)
Context-Inappropriate Capability
Low
- Confidence
- 83% confidence
- Finding
- HTML 阅读器依赖 marked.js CDN,意味着打开本地生成的阅读器时会请求外部网络资源。对一个静态书籍分析技能而言,这会带来供应链篡改、隐私泄露和离线不可用等风险,且与“自包含”目标不一致。
VirusTotal
64/64 vendors flagged this skill as clean.