Back to skill

Security audit

Baoyu Translate

Security checks across malware telemetry and agentic risk

Overview

This is a coherent translation skill that writes local translation artifacts and preferences as part of its documented workflow, with no evidence of hidden theft or destructive behavior.

Install if you want a file-based translation workflow. Avoid using it on highly sensitive documents unless you are comfortable with source-derived analysis, drafts, chunks, and final translations being written to disk; review or delete generated output and backup directories after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
87% confidence
Finding
Using a generic trigger like "localize" without stronger context can cause the skill to activate for requests beyond text translation, such as software/app localization, asset modification, or broader content transformation tasks. In an agentic environment, overly broad activation increases the chance of unintended file handling or workflow execution on user-provided materials.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The phrase "provides a URL/file with translation intent" is underspecified and may lead the agent to infer intent too aggressively from attachments or links. That can cause the skill to process files or remote content the user did not clearly ask to translate, expanding scope and increasing the risk of unintended data access or actions.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
Defaulting to zh-CN without explicit user opt-in can produce unintended disclosure or transformation of user content into the wrong language, especially when the user has not specified a target. While not directly a code-execution issue, it can cause incorrect handling of sensitive or business-critical material and reduces user control over processing.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow explicitly instructs the agent to persist multiple intermediate files containing source text, analysis, prompts, critiques, and drafts, but provides no guidance on minimizing, redacting, or obtaining consent for storage of potentially sensitive content. In a translation skill, users may submit private documents, proprietary text, or regulated data, so creating many saved artifacts materially increases data exposure, retention, and accidental disclosure risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow explicitly instructs fetching arbitrary URL content and creating or renaming directories on disk, but it provides no requirement to notify the user or obtain confirmation before performing network and file-system side effects. In an agent skill, this can lead to unexpected external requests, privacy leakage, and unintended modification of local files, especially when triggered from ambiguous translation requests involving URLs or existing output directories.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.