生成读书活动

Security checks across malware telemetry and agentic risk

Overview

This skill creates local reading-activity files and archives them; the file changes are disclosed and aligned with its purpose, but users should review the output path and cleanup behavior.

Install only if you are comfortable with the skill creating files under its configured output directory, producing a ZIP archive, and moving the generated working folder to the recycle bin. Use non-sensitive book titles, check the destination path before running, and keep backups if you change the output location.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill performs filesystem operations including creating directories, writing multiple files, compressing them, and moving originals to the recycle bin, but it does not require explicit user confirmation for these side effects. This can lead to unintended local data creation or modification, especially if the path is sensitive, shared, or has insufficient safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal