小说风格续写

Security checks across malware telemetry and agentic risk

Overview

This is a coherent novel-continuation writing skill that stores local style and plot notes, with no evidence of malware, credential use, network access, or unrelated file access.

Install this only for fiction text you are comfortable having summarized into local reference files. Review or clear the reference files when switching stories or working with private, sensitive, or copyrighted drafts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrases are broad enough to match many ordinary creative-writing requests, so the skill may be invoked when the user did not explicitly intend this workflow. That increases the chance of unintended file creation, persistence, and style-imitation behavior being applied to unrelated prompts.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to create and update local reference files derived from user-provided text, but it does not clearly disclose that persistence behavior or obtain user consent. This can lead to unexpected retention of copyrighted, sensitive, or private user content and expands the data exposure surface beyond the immediate session.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal