职业教育政策信息抓取工具 | Vocational Education Policy Scraper

Security checks across malware telemetry and agentic risk

Overview

This appears to be a benign vocational education policy scraping helper, with the main caution that users should understand any enabled scraping or cron examples may contact government websites and write local result files.

Install only if you are comfortable running a research scraper against public government websites. Review the output path before running commands, avoid enabling cron unless you want repeated execution, and follow the target sites’ access rules and rate limits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill provides runnable commands for web scraping, scheduled execution, and writing outputs to disk, but it does not clearly and prominently warn that using the examples will initiate outbound network requests to third-party government sites and create local files. This can surprise users, violate least-surprise expectations, and increase operational or compliance risk in restricted environments, even though the described behavior is aligned with the tool’s stated purpose.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal