Back to skill

Security audit

CSDN 文章发布

Security checks across malware telemetry and agentic risk

Overview

This skill transparently automates posting a CSDN article, but users should review the account, title, and content before allowing the final publish action.

Install this only if you want an agent to operate your logged-in CSDN browser session. Before use, make sure the browser profile is logged into the intended account and review the exact title and article content before allowing publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill proceeds directly from filling the article to clicking the publish button without an explicit final confirmation from the user. This can cause unintended public posting, accidental disclosure of sensitive or draft content, and unwanted actions under the user's authenticated CSDN account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.