Security audit

Keji Skill Showcase

Security checks across malware telemetry and agentic risk

Overview

This is a simple research-skill directory that points users to three related skills and does not contain code, hidden execution, credential use, or persistence.

Before installing, note that this skill is mainly a directory that may trigger on broad research phrases and recommend other skills. Review the three suggested downstream skills separately, especially if they access papers, accounts, files, or external services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases listed in the description are very broad academic terms such as '找论文', '查文献', and '毕业论文', which are likely to appear in ordinary user conversations. This can cause the showcase skill to activate too often and redirect users into installed downstream skills without clear intent, increasing the chance of unintended routing and prompt-scope interference across normal academic interactions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.