nuwa-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it asks the agent to broadly inspect local drives and scrape web content without clear user consent or limits.

Install only if you are comfortable with an agent using this Skill to search local documents and collect web content. Before using it, give it explicit directories and sources, avoid broad drive scans, and require confirmation before any scraping or file-reading work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list includes generic phrases such as “女娲”, “造人”, and “优化skill” that can overlap with normal conversation, increasing the chance the skill activates unintentionally. Because this skill can inspect local drives and collect web content, accidental invocation could lead to unnecessary file scanning, network activity, and privacy exposure beyond user intent.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill explicitly instructs inspection of local drives (E:\ and D:\), reading local documents, and performing automated web scraping with browser automation, but provides no clear consent, scope limitation, or privacy warning. In this context, the skill is more dangerous because it combines broad local data access with external collection workflows, creating real risk of unauthorized data exposure, excessive collection, or system-impacting behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal