AI Book Recommendation Engine (AI 书籍推荐引擎)

Security checks across malware telemetry and agentic risk

Overview

This book recommendation skill is purpose-aligned and disclosed, with a narrow local scoring helper that does not show unsafe behavior.

Before installing, understand that the skill will search the web for your book topics, fetch public book pages, read a narrow reading-history file if present, and run its included scoring script. Review or avoid the helper script if your environment treats any packaged local code execution as unacceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding
The skill instructs the agent to execute a local script (`scripts/score_books.py`) even though the stated purpose is a web-search recommendation workflow. Invoking an undeclared local script expands the trust boundary and can lead to execution of unreviewed code, creating a path for unexpected side effects or abuse if that script is modified or malicious.

Scope Creep

Severity: High
Confidence: 94%
Finding
The instructions reference executing `scripts/score_books.py`, but the manifest only declares read access to `memory/reading-history.json`, so the operational behavior is outside the declared permission model. This mismatch undermines least-privilege guarantees and can hide code execution pathways from reviewers, increasing the risk of unauthorized local actions if the environment permits script execution.

VirusTotal

64/64 vendors flagged this skill as clean.