Back to skill

Security audit

日报周报生成器

Security checks across malware telemetry and agentic risk

Overview

This skill locally generates daily or weekly Markdown reports and shows no evidence of automatic sending, network access, credential use, or persistence.

Reasonable to install for local report generation. Treat it as a generator only: review the Markdown before sharing it, do not assume it can automatically send reports, and provide only the work data you intend to include.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrase set includes broad natural-language requests such as “汇总工作” and especially “每天自动发日报”, which can overlap with ordinary workplace conversation and cause the skill to activate unexpectedly. In an agent setting, over-broad activation can lead to unintended processing of user data or unsolicited report generation from unrelated context, even if the skill itself is not overtly malicious.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.