Chinese Script Check Skill

Security checks across malware telemetry and agentic risk

Overview

This is a focused Chinese script proofreading skill, but it writes review notes to local files that may contain sensitive story details.

Install and use this skill in a dedicated folder, especially for confidential or unpublished scripts. Before running it, check whether character_check.txt, scene_check.txt, or QUESTION.md already exist, and delete the generated files when you no longer need the review notes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly instructs the agent to create local intermediate files without notifying the user or obtaining consent. Silent filesystem writes can unexpectedly persist sensitive script content, create privacy and data-retention issues, and may overwrite existing files depending on runtime behavior.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: Writing final results to QUESTION.md without disclosure introduces the same persistence risk, with added potential for overwriting an existing file and leaving behind potentially confidential editorial analysis. Because the write is part of the required workflow, a user could trigger persistent local changes without realizing it.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal