Back to skill

Security audit

mao-thought

Security checks across malware telemetry and agentic risk

Overview

This is a small offline Mao Zedong Thought Q&A skill with some broad routing and quality issues but no evidence of hidden access, persistence, credentials, networking, or destructive behavior.

Review the knowledge content and broad trigger terms before installing, especially if you need neutral historical treatment or precise source citations. From a security standpoint, the skill appears low risk because it only reads its own bundled file and does not request sensitive access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
`answer_question` ignores the user question and returns the entire knowledge base verbatim. In an agent skill, this can cause over-disclosure of internal prompt/context data or sensitive bundled content, and it defeats any intended query scoping or least-privilege behavior.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list contains very broad terms such as '毛泽东', '社会主义', and '以及其他毛泽东相关概念', which can cause the skill to activate in many contexts beyond the narrow intended use. Overbroad activation increases the chance of unintended routing, policy bypass through context switching, or the skill responding to sensitive political topics when the user did not explicitly request this specialized behavior.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.