你聊我干

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is useful for importing DeepSeek chat work, but it can fetch remote chat content, install Puppeteer, write files, and continue development without clear confirmation gates.

Install only if you are comfortable with a skill that opens DeepSeek links in a headless browser, may install Puppeteer, and may create or modify local project files from chat contents. Use it only with chats you own or are authorized to process, preferably in a fresh/quarantined project directory, and review proposed files before allowing overwrites or running imported code.

Publisher note

增加了对多轮聊天记录的优化读取

SkillSpector (11)

By NVIDIA

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The README frames the skill as simply reading DeepSeek share links and continuing development, but the documented behavior clearly includes extracting code, writing files, and performing follow-on development actions. This capability mismatch can mislead users and reviewers about the skill's effective permissions and side effects, increasing the risk of unsafe trust and unintended local modifications.

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The workflow description explicitly says the skill renders pages, extracts code, writes files, and continues development, which exceeds a narrow 'read' description. When documentation understates these actions, users may supply untrusted links or run the skill without understanding that it can materialize attacker-controlled content into the local workspace.

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The README describes browser automation and operational behavior broader than merely reading chat shares, including actions associated with file management and project execution. In a skill that processes external shared content, broader-than-advertised automation expands the attack surface and can facilitate unsafe handling of malicious or unexpected content.

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The manifest and top-level description frame the skill as merely reading DeepSeek links and continuing development, but the workflow also performs environment-changing actions such as installing Puppeteer and executing local browser-skill code. This mismatch can cause users or higher-level tooling to authorize the skill under a narrower trust assumption than its actual behavior, increasing the risk of unintended command execution and system modification.

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The skill description understates that it reconstructs a project from untrusted chat content and writes multiple files, a README, and memory artifacts to disk. That discrepancy is dangerous because code extracted from an external chat link is treated as source material for local file creation, which can overwrite files, seed malicious code into a workspace, or mislead users about the degree of automation performed.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README promotes automatic extraction and writing of project files but does not warn that the skill may modify the local workspace or continue development actions. In this context, the input is remote, user-supplied shared content, so failing to surface modification risks can lead to accidental overwrite of files or introduction of unreviewed code.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The README omits a privacy and trust warning for fetching DeepSeek share links via browser automation, even though such links may contain proprietary code, prompts, or sensitive design discussions. Users may incorrectly assume the operation is equivalent to passive reading, when it actually involves remote retrieval, rendering, and local processing of potentially sensitive content.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs writing extracted files, fragments, README content, and memory notes to disk without an explicit warning or confirmation gate for filesystem modification. Because the source material is untrusted external chat content, this can lead to silent creation or overwriting of project files, accidental corruption of an existing repo, or persistence of malicious code and instructions in the local workspace.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The skill uses headless browser automation to fetch and render external DeepSeek share pages but does not clearly disclose this network access or associated privacy implications. Users may not realize that invoking the skill sends requests to external services and processes potentially sensitive shared content through browser automation tooling.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: Automatically running `npm install puppeteer` changes the local environment and executes package-management behavior without explicit warning or approval. This is dangerous because package installation can introduce new code, alter lockfiles or caches, consume resources, and broaden the attack surface, especially when performed as an implicit prerequisite to processing untrusted external content.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The example explicitly instructs reading a third-party DeepSeek share URL and extracting its chat contents, but provides no warning about ownership, authorization, consent, or handling of potentially sensitive data. In a skill designed to ingest external chat transcripts and continue development from them, this omission normalizes access to shared conversational content and can lead to privacy violations, unauthorized use of proprietary code, or accidental processing of confidential information.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal