Back to skill

Security audit

📋 List · 智能表单(智能记账·智能记事本·智能账单)- Smart Form & Notes

Security checks across malware telemetry and agentic risk

Overview

This skill is a local note and bookkeeping helper that saves user-provided records as disclosed, with no evidence of exfiltration or hidden behavior.

Install only if you are comfortable with “记一下 ...” causing local records and attachments to be saved immediately. Avoid using it for secrets or highly sensitive documents unless you also manage deletion and access to the workspace memory/list-data folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger phrase `记一下 xxx` is common conversational language and can easily appear in unrelated chats, causing unintended activation and automatic persistence of user content. Because the skill is designed to save immediately on command-like phrasing, accidental invocation can convert ordinary conversation into stored records without meaningful user intent verification.

Vague Triggers

High
Confidence
96% confidence
Finding
The guidance `说‘记一下’就完事了` reinforces a boundaryless activation model where a ubiquitous phrase is treated as sufficient authority to store data. In the context of a skill that writes structured records and attachments to disk, this increases the risk of capturing sensitive or unintended information from normal dialogue.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill stores records and attachments persistently, but the storage section is implementation-oriented and does not establish a clear user warning or consent flow before writes occur. This is dangerous because users may provide receipts, notes, logs, or other sensitive content without realizing it will be archived on disk and potentially retained long term.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The rule `直接识别并保存,无需确认` removes an important safeguard for a skill that performs persistent writes. Combined with the broad trigger phrase, this can cause silent storage of personal, financial, or operational data, making accidental data retention much more likely.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.