具身智能就业资讯追踪

Security checks across malware telemetry and agentic risk

Overview

The only identified issue is a disclosed local report-writing path concern, not evidence of deception, exfiltration, or destructive behavior.

Before installing, check where the skill writes generated reports and prefer a workspace or user-selected output directory. Treat the hard-coded Windows path as something to review or change, but the supplied evidence does not show malicious behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to write generated reports to a fixed local Windows path without explicit user consent, path validation, or workspace scoping. This can cause unintended file creation/modification on the host system and makes the behavior less transparent, especially in automated recurring execution.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal