Back to skill

Security audit

Demo Website Product Manager 小白建站

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese guide for helping non-technical users plan and deploy demo websites or WeChat mini programs, with some setup-data handling that needs caution but no hidden or automatic unsafe behavior.

Safe to install as a documentation helper. Before following deployment steps, keep .env files, database URLs, API keys, tokens, passwords, private keys, and unredacted screenshots out of chat and GitHub; enter secrets only in official Vercel/WeChat/Cursor settings or local config files, and rotate anything accidentally exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document explicitly instructs the agent not to ask the user for IDs, but later tells the user to send the cloud environment ID back. This creates contradictory handling of sensitive configuration data and can normalize sharing deployment identifiers with the agent, increasing the chance of accidental disclosure or misuse in later automated actions.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill enforces Chinese-language interaction for zero-technical users without first asking the user's preferred language. This can exclude or confuse users who are not comfortable with Chinese, increasing the chance they misunderstand security-relevant setup, deployment, or credential-handling guidance and make unsafe choices.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The guide tells users to enter environment variables and database connection information, which are often sensitive secrets, but it does not warn them to keep credentials private, avoid pasting them into chats/screenshots, and only enter them in the trusted Vercel settings UI. In a zero-technical-user onboarding context, this omission increases the chance of accidental secret disclosure or unsafe handling of production credentials.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill asks the user to send a cloud environment ID to the agent without warning that it is configuration data. While an environment ID is not usually a secret by itself, collecting infrastructure identifiers in chat can aid environment enumeration, misconfiguration, or later social-engineering and should be treated carefully, especially for non-technical users.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.