阳明先生

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is purpose-related but needs Review because it stores sensitive behavior-diagnosis text and uses broad activation rules without enough consent, retention, or scope controls.

Install only if you are comfortable with local plaintext logging of personal behavior scenarios and with the assistant using broad behavior/persona triggers. Before use, prefer disabling or removing automatic logging, narrowing activation phrases to explicit commands, and adding clear consent, retention, and deletion controls.

SkillSpector (26)

By NVIDIA

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill asks for detailed user behavior descriptions and stores diagnostic material beyond the core function of analyzing a target person's behavior. Collecting and retaining rich behavioral histories increases privacy risk because these narratives can contain sensitive personal, workplace, health, or financial details that may later be exposed or reused outside the user's expectations.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The persistent execution log, trend tracking, and improvement records create a longitudinal profile of user behavior that is not clearly necessary for a skill-generation engine. Such records can reveal intimate patterns over time and materially increase harm if accessed by other users, operators, or downstream systems.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The script persistently stores the user's raw behavior description, parsed traits, and friction assessment to a local markdown log even though the interface and docstring present the tool as producing a diagnosis report. Because these inputs can contain sensitive personal, psychological, or financial behavior details, undisclosed retention creates a privacy and data-handling risk, especially on shared machines or synced workspaces.

Intent-Code Divergence

Low
Confidence
87% confidence
Finding
The documentation states the script outputs a diagnosis report, but the implementation also writes diagnostic records to disk. This mismatch is security-relevant because users may provide sensitive information under the false assumption that it is only processed transiently, increasing the chance of inadvertent data exposure.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script's documented behavior says it outputs a diagnosis report, but it also appends the user's raw behavior description and diagnosis results to a local log file. This creates an undisclosed data persistence path for potentially sensitive psychological, financial, or behavioral information, which can later be exposed through filesystem access, backups, or log aggregation.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script persists raw user behavioral descriptions, parsed traits, and diagnosis results to disk even though its stated purpose is only to generate a report. Because these inputs can contain sensitive personal, financial, or psychological information, unannounced local logging creates unnecessary data retention and privacy exposure if the host is shared, compromised, or logs are later exfiltrated.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The header/documentation represents the tool as producing only a diagnosis report, but the implementation also stores user input and derived analysis in logs. This mismatch undermines informed consent and can lead users to disclose sensitive information they would not have provided had persistence been clearly disclosed.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrase is broad enough to capture many ordinary requests about analyzing a person's behavior, which can cause the skill to activate outside its intended scope. In an agent ecosystem, this creates prompt-routing risk: the system may invoke a powerful persona/skill builder when the user did not explicitly request skill generation, leading to unintended data collection, misleading outputs, or bypass of safer/default handling.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The invocation rule says to prioritize this engine whenever the user expresses similar intent, but it does not define clear boundaries or precedence. That ambiguity increases the chance of over-triggering and misrouting user requests to a skill that performs multi-agent research and skill creation, which is more capable and invasive than simple analysis and therefore riskier when activated implicitly.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough that ordinary requests about creating advisors, researching behavior, or generating a skill could invoke this skill unexpectedly. Unintended activation is risky here because the skill is designed to collect detailed behavioral information and may start a complex workflow or logging process without the user deliberately choosing it.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The example activation phrases for the bundled personas are ambiguous and likely to collide with normal conversation, causing the skill to activate outside intended contexts. Because the skill then adopts advisory behavior and may generate or log sensitive diagnostic content, accidental invocation can lead to privacy and trust issues.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs storage of user scenarios, diagnostic outputs, and feedback, but does not present a clear privacy notice, consent mechanism, or retention explanation to the user. That omission undermines informed consent and raises the likelihood that users will disclose sensitive information without understanding it may be retained.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The log template is designed to record the target person, user input scenarios, diagnostic output, friction index, user feedback, and other behavior-related data, which can include sensitive personal, profiling, or preference information. There is no notice, consent mechanism, retention limit, minimization guidance, or handling policy, so users may be monitored and profiled without adequate transparency or safeguards.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are broad enough to match ordinary questions about education, careers, scaling, and entrepreneurship, which can cause the skill to activate when the user did not clearly request an Andrew Ng-style persona. This creates context hijacking risk: the assistant may switch into a prescriptive role/persona unexpectedly, shaping answers and suppressing normal neutral behavior.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The usage guide repeats highly generic trigger words such as questions about leaving a job, changing direction, or whether it is too late to enter a field. Because these are common user intents, the skill can overreach and steer routine conversations into this specialized behavior framework without sufficiently clear consent.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
Sensitive user-provided behavior narratives are written to a local log file without any up-front warning in the user interface. In this skill's context, users are encouraged to describe personal decision-making, losses, stress reactions, and recovery patterns, so the collected text may reveal intimate behavioral or financial information that could be exposed to other local users, backups, or repository sync processes.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad enough to match ordinary requests about learning, behavior analysis, or creating a skill, which can cause the assistant to invoke this persona unexpectedly. That creates scope hijacking risk: users may receive role-played, identity-framed responses when they did not explicitly ask for impersonation, reducing transparency and potentially overriding higher-priority user intent.

Vague Triggers

Low
Confidence
87% confidence
Finding
The exit triggers ('退出', '切回正常') are short and conversational, so they can appear in normal discussion and accidentally terminate the skill state. While lower severity than overbroad activation, it still makes dialogue control ambiguous and unreliable, especially in mixed-language or quoted-text contexts.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The model trigger conditions are framed around very generic questions like learning methods, career decisions, and handling failure. This can cause the skill to overtake broad classes of normal user queries and steer them into a predefined behavioral framework or impersonated voice without clear consent.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The usage guide lists highly generic trigger words such as learning, job change, failure, and time management, which are common in everyday conversation. In practice this increases accidental activation likelihood and can produce misleading persona-based advice outside the intended scope.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script writes sensitive user-provided behavior descriptions to disk without warning, consent, or an explicit retention policy. Because the input concerns personal behavior, mistakes, losses, and stress reactions, silent logging can expose intimate user data to other local users, administrators, backups, or incident responders who were never intended recipients.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script logs user-provided free-text behavioral descriptions without an explicit warning, consent flow, or visibility into retention. Since the input prompt encourages disclosure of emotional and investment behavior, the resulting logs may capture highly sensitive personal data that remains on disk beyond the session.

Ssd 3

Medium
Confidence
95% confidence
Finding
Persistently logging natural-language user scenarios and diagnostic reports creates a concrete data retention and leakage risk because free-form text often contains names, events, employers, finances, and other sensitive facts. In this skill's context, the data is especially sensitive because it concerns personal behavior patterns and self-assessed weaknesses over time.

Ssd 3

Medium
Confidence
99% confidence
Finding
The script logs raw behavior descriptions in plain language without minimization, redaction, or structured sanitization. In context, those descriptions can include highly sensitive personal and financial behavior patterns, making the logs a durable record of private information that may be readable by unintended parties or retained longer than necessary.

Ssd 3

Medium
Confidence
97% confidence
Finding
The script persistently stores raw natural-language descriptions of user behavior in plaintext dated log files. Free-text logs are especially risky because they often contain highly specific personal details that are difficult to sanitize after the fact and can be unintentionally retained, copied, or indexed by surrounding systems.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
