血友病公众号文章写作 (Hemophilia WeChat Official Account Article Writing)

Security checks across malware telemetry and agentic risk

Overview

This WeChat article-writing skill is mostly coherent, but it instructs the agent to read the user's local CLAUDE.md file automatically, without a consent step or any limit on scope.

Install only if you are comfortable with the agent reading CLAUDE.md during article-writing requests. Safer options are to edit the skill so it asks before reading the file, to narrow its activation to explicit WeChat/公众号 article tasks, or to supply writing-style preferences directly instead of having the skill read a local file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 85%

Finding
The trigger description is broad enough to activate on generic content-writing requests, which can cause the skill to run outside its intended WeChat-specific scope. Overbroad activation increases the chance that users are funneled into behaviors like web searching or local file access they did not explicitly request, creating consent and data-exposure risks.

Missing User Warnings

Severity: Medium
Confidence: 97%

Finding
The instruction to read the user's CLAUDE.md directs the agent to access a local file without an explicit user-facing permission step or disclosure of what data will be read. Because CLAUDE.md may contain private preferences, project instructions, secrets, or other sensitive local context, this can lead to unintended disclosure and use of data beyond what the user asked for.

VirusTotal

VirusTotal findings are pending for this skill version.