Back to skill

Security audit

Log Pattern Analyzer / 日志模式智能分析

Security checks across malware telemetry and agentic risk

Overview

This is a simple log-analysis skill with no executable install steps or hidden behavior, though users should sanitize logs before use.

Before installing, treat any logs you analyze as potentially sensitive. Redact tokens, credentials, IP addresses, personal data, and production details as appropriate, and be aware that the skill declares curl even though it does not explain a network-use workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is broad and does not define clear activation triggers, input boundaries, or scope constraints. In an agent environment, this can cause the skill to be invoked for loosely related tasks and process unintended log sources or sensitive operational data, increasing the chance of overcollection, misuse, or unsafe automated actions based on ambiguous matching.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill encourages log analysis but provides no warning that logs commonly contain secrets, personal data, tokens, IPs, and internal system details. Without privacy and sensitivity guidance, users or agents may paste or fetch confidential logs into the skill, leading to inadvertent exposure, retention, or downstream processing of sensitive data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.