Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- 该技能明确声明会自动重命名凭证文件,并在版本记录中提到会同时修改原文件名并复制到报销凭证目录,但未要求显式确认、未说明覆盖/冲突处理、也未提示会对原始文件产生持久修改。对用户文件进行自动改名和复制属于状态变更型操作,可能导致文件混淆、引用失效、误覆盖或敏感票据在目录中被额外扩散。
报销助手
Security checks across malware telemetry and agentic risk
Overview
This reimbursement helper does what it claims, but users should know it can rename original receipt files and create copied receipt folders.
Install only if you are comfortable with a reimbursement assistant renaming original receipt files and copying them into a local reimbursement directory. Test it on sample files first, keep backups of important receipts, and check for filename conflicts before using it on a large folder.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)
VirusTotal
67/67 vendors flagged this skill as clean.