文员自动化助手

Security checks across malware telemetry and agentic risk

Overview

This skill appears benign, but it saves whatever office text the user provides into a persistent exports folder.

Use this only for notes you are comfortable storing as files in the exports directory. Avoid passwords, regulated data, confidential meeting details, or personal information unless the storage location and retention policy are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The invocation examples are generic everyday requests like '帮我记录一下' and '把这段话存成工单', which can cause the skill to trigger on ordinary conversation that was not meant to invoke persistent server-side storage. In this skill’s context, unintended activation is more dangerous because the output is automatically saved to a server, creating risk of accidental data capture and unexpected retention.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill description says generated files are automatically saved to the server's exports directory, but it does not provide a prominent warning or consent step before doing so. This is dangerous because users may provide meeting notes, internal tasks, or other sensitive business content without realizing it will be persisted server-side, increasing confidentiality and retention risk.

VirusTotal

65/65 vendors flagged this skill as clean.
