Security audit

High School English

Security checks across malware telemetry and agentic risk

Overview

This English tutoring skill stores study progress locally or optionally in Feishu, and its sensitive behaviors are mostly disclosed and aligned with its learning purpose.

Prefer CSV mode unless you specifically need Feishu sync. If using Feishu, use a least-privilege token and avoid sharing it in chats or shared workspaces. Only send study-related photos, because OCR results may be saved into the learning records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 95%
Finding
Using "复习" by itself as a trigger is overly broad and can match ordinary conversation unrelated to this skill, causing unintended activation. That can lead to surprise reads/writes of study data, profile-based behavior, or workflow transitions when the user did not explicitly request this skill.

Vague Triggers

Medium
Confidence: 94%
Finding
Triggering on any photo is too broad because many images a user sends may be unrelated to English study. Unintended activation could cause OCR processing and data ingestion into vocab/knowledge storage without clear user intent, creating privacy and consent issues.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs automatic creation of workspace directories and CSV files during setup without a clear upfront warning in the skill description. Silent local modifications are risky because users may not expect persistent file creation or understand what data is being stored.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill proposes calling the Feishu API and storing App Tokens/Table IDs in workspace memory without clear warnings about external network use, credential sensitivity, retention, and access boundaries. If mishandled, these credentials could enable unauthorized access to the user's Feishu data or unintended external transmission of study records.

Vague Triggers

Medium
Confidence: 95%
Finding
The rules treat broad self-reported phrases such as “没掌握”, “不会”, “忘了”, “记住了”, “掌握了”, and “会了” as state-changing triggers without requiring explicit confirmation that the user intends to update mastery status. In a conversational tutoring skill, these phrases can appear in explanation, quoting, hypotheticals, or discussion about another topic, causing unintended memory-level resets or promotions and corrupting learning records.

Missing User Warnings

Medium
Confidence: 92%
Finding
The template explicitly asks users to provide a Feishu App Token and Table IDs, which are sensitive integration credentials, but gives no warning about secure handling, scope minimization, storage, or who can access them. In an education skill aimed at high-school students, this is more concerning because users may be minors or less security-aware and could paste live tokens into insecure channels or shared workspaces.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.