拾遗 (Shiyi) · General Exam-Prep Wrong-Question Tracker (shiyi-study-tracker)

Security checks across malware telemetry and agentic risk

Overview

This study-tracking skill is mostly coherent, but it stores sensitive screenshot-based study data persistently and has an export path that can be influenced by user text.

Install only if you are comfortable with exam screenshots and extracted study details being stored locally, backed up, reused for future prompts, and potentially included in exports/reminders. Avoid sending screenshots with personal information, enable cron jobs only if you want proactive Feishu reminders, and prefer fixing the export filename sanitization before broad use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium, 87% confidence
Finding
The README explicitly describes automatic archiving of wrong-question data, scheduled summaries, reminders, and Excel exports, but does not clearly warn users that their study data will be stored persistently under the skill directory and may be sent through Feishu channels via cron jobs. This creates a privacy and transparency issue: users may share screenshots containing personal or sensitive educational information without understanding retention, backup, export, and notification behavior.

Vague Triggers

Medium, 90% confidence
Finding
The skill declares very broad trigger phrases such as "做了题" ("did some questions"), "错了" ("got it wrong"), "记得" ("remember"), and "不记得" ("don't remember"), and image messages automatically trigger recognition. In a chat environment, these common expressions can cause accidental activation, unintended processing of unrelated images or messages, and unwanted writes to persistent study records.

Missing User Warnings

Medium, 95% confidence
Finding
The skill documentation states that it persistently stores wrong-question data, maintains review history, exports files, and sends scheduled reminders, but it does not clearly warn users about data retention, local storage paths, export contents, or notification behavior. Because the stored content may include screenshots, full question text, answers, and study metadata, users may unknowingly expose sensitive educational records or copyrighted material through exports and background processing.

Missing User Warnings

Medium, 96% confidence
Finding
The code persists the entire screenshot as raw_image_b64 after OCR/parsing. Because this skill handles exam screenshots, the image may contain sensitive personal data, handwritten notes, account identifiers, or other unintended content, and retaining the full image greatly increases privacy and breach impact if storage is accessed or reused later. The skill description mentions recognition and export, but this file shows no minimization, retention limit, or user-facing notice before saving the raw image.

Missing User Warnings

Medium, 94% confidence
Finding
The function sends both the image and user caption to an external agent callback for analysis, which is a data transfer to another processing component without any visible transparency or consent mechanism in this code. Since screenshots may contain sensitive educational records or incidental personal information, undisclosed third-party/model transmission creates privacy, compliance, and data handling risks even if the transfer is functionally necessary.

Missing User Warnings

Low, 87% confidence
Finding
The code updates a persistent tag library using parsed question_type and knowledge_point derived from user content, but there is no visible notice that these derived labels are stored and reused across future interactions. While lower risk than raw image retention, it still creates an undisclosed persistent profile of the user's study weaknesses and exam history, which may be sensitive in this context.

VirusTotal

63/63 vendors flagged this skill as clean.
