论语 — 私人语录

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local personal-quote archive, but users should be careful because saved quotes and context can be sensitive.

Install only if you are comfortable with selected conversation snippets and context being saved locally in ~/.hermes/lunyu/ and possibly exported or shown in daily notifications. Avoid saving secrets, workplace-confidential information, or intimate content on shared or synced devices, and review or delete the archive regularly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (9)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README encourages users to capture spontaneous personal thoughts, emotional reflections, and potentially intimate content, then store and export them, but it provides no warning about privacy, retention, or accidental disclosure risks. Because the examples and feature list explicitly include sensitive categories and persistent local files, users may unknowingly record confidential or embarrassing material that could later be exposed through device compromise, backups, sync tools, or exports.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: 被动触发规则以“特别有力量/智慧/幽默的话”为标准，主观性很强，容易在普通对话中误触发记录确认流程。由于该技能的核心行为是持久化保存用户原话及上下文，误触发会扩大非预期采集范围，并诱导用户在未充分意识到存储后果时确认保存。

Vague Triggers

Medium

Confidence: 82% confidence
Finding: 主动触发短语中包含“把这句话记下来”“这句记进论语”等自然语言表达，可能在普通元对话、引用示例或讨论功能时被误判为命令。对一个会将内容写入本地持久存储的技能而言，命令歧义会直接导致非预期记录和数据保留。

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: 技能说明强调“你说，我记。零摩擦、零延迟”，但没有在显著位置同步提示会将用户语句和上下文持久化保存到本地文件。由于内容可能包含情感、私密、暧昧或工作相关信息，缺乏清晰的存储告知与同意机制会造成隐私预期落差。

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: 每日 cron job 会自动整理并推送“今日论语”，这属于超出初始记录行为的二次处理与再传播。文档未对自动运行、重复暴露、通知展示位置或敏感内容可能出现在推送中的风险做出明确提醒，容易造成意外泄露。

Ssd 3

Medium

Confidence: 95% confidence
Finding: 技能明确要求捕捉用户话语并“自动整理”，且描述中提到抓取上下文氛围，这会把自然对话内容转化为持久化数据集。上下文往往比单句本身更容易包含身份、关系、地点、情绪或工作细节，因此形成实际的数据保留与泄露风险。

Ssd 3

Medium

Confidence: 90% confidence
Finding: 被动提示机制会在代理判断某句“精彩”时主动提出记录，实质上鼓励额外收集用户内容。即使有一次简短确认，这种设计仍可能在用户未充分理解保存范围、上下文采集和后续自动处理的情况下促成存储，属于不必要扩大采集面。

Ssd 3

Medium

Confidence: 96% confidence
Finding: 存储结构同时保留原句 text 和场景 context，属于对会话内容的较完整留存，会显著增加敏感信息、私人偏好和行为线索被恢复的可能性。结合时间、日期、章节、标签等元数据，还会提升内容可关联性和再识别风险。

Ssd 3

Medium

Confidence: 94% confidence
Finding: 每日编译和推送流程会把已记录内容再次写入 `论语.md` 并通过通知渠道传播，扩大了从“本地存档”到“再发布”的暴露面。通知内容可能出现在锁屏、桌面预览或其他共享环境中，从而泄露原本只应保存在私有文件中的语句。

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal