12321 Harassment Call Reporting (12321 骚扰电话举报)

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate reporting purpose, but it automates an official complaint submission while handling phone numbers and SMS verification with weak consent and identity safeguards.

Review carefully before installing. Only use it if you want an agent to control a browser on 12321, process a captcha image, send phone and report details to that site, trigger SMS verification, and potentially submit an official complaint. Replace the hard-coded phone behavior, confirm the phone number and all fields every time, and require explicit approval before SMS requests, consent checkbox clicks, and final submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The skill instructs the agent to persist captcha data to local files and use local tooling outside the browser workflow. That expands the skill's execution and data-handling scope beyond simple form automation, creating unnecessary filesystem exposure and increasing the chance that sensitive data is written to disk, retained, or processed by unintended local components.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
Directing execution of a local Node command introduces general-purpose code execution that is not necessary for the stated reporting task. Even though the example command is simple, normalizing local command execution in skill instructions weakens safety boundaries and could be adapted to broader host-level actions or mishandle untrusted data.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The README states the skill can automatically trigger and fill SMS verification steps, but it does not clearly warn that the user's phone number will be sent to an external government-reporting site and that an out-of-band SMS flow will be initiated. In an agent skill, this matters because users may not realize the automation is causing real-world external interactions tied to their identity and device.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The README advertises automatic form filling and submission to an external website without a prominent warning that potentially sensitive user-provided data will be transmitted outside the assistant environment. This can lead to unintended disclosure or submission of personal complaint details if a user does not understand that the agent will perform a live external submission.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger phrase '填写举报表单' is broad and plausibly overlaps with ordinary conversation about reporting or filling forms, increasing the chance of accidental activation. In this skill's context, misfires are more dangerous because the skill performs external navigation and can initiate data-entry and submission workflows against a real complaint platform.

Vague Triggers

Severity: Low
Confidence: 82%
Finding:
The README lists trigger phrases but does not define strong activation boundaries or conditions for when similar complaint-related language should not invoke the skill. This ambiguity raises the risk of accidental invocation, which is especially relevant here because the skill automates a consequential external reporting flow rather than a harmless local action.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The trigger phrase "填写举报表单" is broad enough to match unrelated user intents, which can cause the skill to activate in contexts the user did not mean to invoke this sensitive reporting workflow. Because this skill automates a complaint submission process and handles personal data, accidental triggering is more dangerous than in a low-risk utility skill.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill explicitly sends a captcha image together with prefilled phone numbers and report details, but it does not include clear privacy controls, minimization rules, or consent language for handling that personal data. In this context, both the user's own phone number and the reported number are sensitive, and echoing them back in messages increases exposure through chat history and attachments.

Ssd 3

Severity: Medium
Confidence: 97%
Finding:
Defaulting to a previously seen phone number, especially with a hard-prioritized specific number, creates a cross-session data reuse risk and can cause reports to be filed with the wrong identity information. This is particularly dangerous in a government complaint workflow because it may expose prior users' personal data and lead to unauthorized or inaccurate submissions.

VirusTotal

66/66 vendors flagged this skill as clean.