
Security audit

Exam Paper

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but weak path controls mean that a crafted subject name, whether typed by the user or carried inside an imported question file, can make the skill read or write outside the advertised exam-data folder (~/.qclaw/workspace/exam-data).

Review before installing if you will import question-bank JSON from others or use custom subject names. Use only trusted question files, avoid subject names containing slashes or '..', and confirm any commands that create, import, export, or modify local data.
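The following is an added example written for this review, not the Exam Paper skill's own code, showing the difference between the weak path handling described above and a hardened form. The base folder is the one the audit names; the function names, the allow-list regex and the sample question-bank JSON are this example's own constructions.

```python
"""Confining subject names to the exam-data folder (illustrative, not the skill's code)."""
import json
import os
import re
import tempfile
from pathlib import Path

# Base folder taken from the audit text. Resolved once so a symlinked base
# cannot confuse the containment check below.
EXAM_DATA_DIR = Path(os.path.expanduser("~/.qclaw/workspace/exam-data")).resolve()

# Allow-list for subject names: a word character followed by up to 63 word
# characters, spaces or hyphens. \w is Unicode-aware, so CJK names such as
# 数学 pass, while '.', '/', '\\' and empty names are rejected outright.
_SUBJECT_RE = re.compile(r"\w[\w \-]{0,63}")

# Constructed sample import file: two benign entries and two traversal attempts.
SAMPLE_IMPORT = json.dumps([
    {"subject": "数学", "question": "2 + 2 = ?"},
    {"subject": "Physics 101", "question": "F = ma?"},
    {"subject": "../../.bashrc", "question": "x"},
    {"subject": "/etc/passwd", "question": "x"},
])


def naive_subject_path(subject, base=EXAM_DATA_DIR):
    """The weak pattern the audit warns about: the name is joined unchecked.
    '../..' walks out of base, and an absolute name replaces base entirely."""
    return Path(base) / subject


def safe_subject_path(subject, base=EXAM_DATA_DIR):
    """Return base/<subject>.json or raise ValueError.

    Two independent checks: a strict allow-list on the raw name, then a
    containment check on the fully resolved path, so a symlink dropped into
    the folder cannot redirect a write elsewhere."""
    if not isinstance(subject, str) or not _SUBJECT_RE.fullmatch(subject):
        raise ValueError(f"invalid subject name: {subject!r}")
    base = Path(base).resolve()
    candidate = (base / f"{subject}.json").resolve()
    if candidate.parent != base:
        raise ValueError(f"subject path escapes exam-data folder: {candidate}")
    return candidate


def plan_import(json_text, base=EXAM_DATA_DIR):
    """Parse an imported question bank and decide where each entry would be
    written, without touching the filesystem. Returns (accepted, rejected):
    accepted maps subject -> target path, rejected lists the bad names."""
    entries = json.loads(json_text)
    if not isinstance(entries, list):
        raise ValueError("question bank must be a JSON array")
    accepted, rejected = {}, []
    for entry in entries:
        subject = entry.get("subject") if isinstance(entry, dict) else None
        try:
            accepted[subject] = safe_subject_path(subject, base)
        except ValueError:
            rejected.append(subject)
    return accepted, rejected


def demo(base=None):
    """Run both code paths against a throwaway folder and return the results."""
    base = Path(base or tempfile.mkdtemp(prefix="exam-data-demo-")).resolve()
    accepted, rejected = plan_import(SAMPLE_IMPORT, base)
    return {
        "base": base,
        "accepted": {k: str(v.relative_to(base)) for k, v in accepted.items()},
        "rejected": rejected,
        # Where the unchecked join would actually have written.
        "naive_escape": str(naive_subject_path("../../escape", base).resolve()),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The allow-list deliberately forbids dots, so a subject named "notes.json" is rejected too; that is stricter than strictly needed, but it removes the whole class of extension and traversal tricks at once, and the resolved-path check remains as a second line of defence.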

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
The trigger list contains broad terms such as '题库' (question bank), '试卷' (exam paper), and '错题本' (wrong-answer notebook) that overlap with ordinary conversation about studying, increasing the chance that the skill activates when the user did not intend to run it. Because activation can lead to script execution and file creation, accidental invocation has real side effects beyond a harmless misclassification.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The markdown explicitly describes writing exam data under ~/.qclaw/workspace/exam-data and exporting PDFs to ~/Desktop, but does not clearly warn the user about these filesystem side effects before execution. In context, this is more dangerous because the skill manages persistent question-bank and error-tracking data, so accidental use can create, overwrite, or disclose educational records and generated content in predictable locations.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.