auto-leetcode

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward LeetCode study helper that fetches problem information and writes solution files to a user-provided folder.

Install only if you are comfortable with the agent searching LeetCode-related pages and creating files in a directory you provide. Use a dedicated LeetCode folder, review the target path before generation, and check generated code before running it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description says it should trigger for broad phrases like 'LeetCode刷题' and '刷算法题等场景', which can overlap with ordinary conversation and cause the skill to activate without clear user intent. Because this skill performs downstream web access and local file creation, an accidental trigger could lead to unwanted network activity and filesystem writes.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly creates local folders and writes multiple files, but it does not present a clear safety notice or require explicit confirmation immediately before writing. In a tool that transforms web-fetched content into local files, missing write-risk disclosure increases the chance of user confusion, unintended persistence of content, or writing into sensitive directories.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal