Back to skill

Security audit

Kaiqiao

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent and local, but it broadly trains the agent to act without confirmation and to store behavioral profile notes, so users should review it before installing.

Install only if you want an assertive assistant that asks fewer confirmations. Before using it, require prior confirmation for deletions, payments, publishing, account changes, external messages, private-data access, commits, and other irreversible or high-impact actions. Also review or disable USER.md, MEMORY.md, and recurring reminder behavior if you do not want preferences or emotional cues retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill metadata and top-level description claim behavior such as proactive blocking and timed reminders, but the implementation only performs static regex-based prompt analysis and reporting. This capability mismatch can mislead users or downstream agents into believing safeguards or reminder mechanisms exist when they do not, causing unsafe reliance on controls that are absent.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The report presents '该拦的时候拦' as an evaluated safety dimension, but the block analysis is not meaningfully incorporated into the final score or surfaced as an actual enforcement outcome. This creates a false impression that risky prompts are being assessed or constrained, which can weaken operator vigilance and lead to unsafe approval of prompts that should have been flagged more strongly.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger keywords are very broad everyday phrases such as 'prompt检查' and '诊断报告', which can cause the skill to activate during ordinary conversation rather than intentional invocation. Unintended activation is risky here because the skill modifies agent behavior, response style, and memory practices, potentially overriding user expectations in unrelated contexts.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The example invocation '帮我开窍一下' is short and natural enough to collide with normal speech, making accidental activation plausible. Because this skill changes how the agent asks, acts, blocks, and stores user preferences, accidental triggering can have persistent behavioral side effects beyond a single turn.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to persist user preferences, habits, emotional cues, and corrections into USER.md and MEMORY.md, then periodically resurface them later. This creates a privacy and profiling risk because potentially sensitive behavioral data is retained and reused without explicit consent, retention limits, or data minimization safeguards.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.