Second Brain Builder

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed second-brain research and note-writing helper with bounded, annotated local edits and no hidden execution or exfiltration behavior found.

Install this only if you want an agent to search your local second-brain notes and add AI 注 sections to them. Set SECOND_BRAIN_WIKI_ROOT or SECOND_BRAIN_ROOT so it targets the intended vault, and ask for a preview or diff before writeback if you want tighter control over changes or output language.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger language is broad enough that ordinary user requests such as 'research', 'update', or 'enrich' a topic could activate the skill unintentionally. Because this skill can write back to local second-brain files, over-broad invocation increases the chance of unauthorized or surprising file modifications from ambiguous prompts.

Natural-Language Policy Violations

Medium
Confidence: 87%
Finding
Defaulting to Chinese without user opt-in can cause output-language mismatch, reducing user understanding of what the skill is about to write or change. In a writeback-capable skill, that increases the risk that users approve or overlook edits they cannot easily review, though this is primarily a usability and consent issue rather than a direct security flaw.

VirusTotal

62/62 vendors flagged this skill as clean.
