Security audit

除秽·调优魄

Security checks across malware telemetry and agentic risk

Overview

This MacBook optimization skill is purpose-aligned and discloses local cleanup and tuning behavior, with confirmation required before risky actions.

Install only if you want a local Mac maintenance assistant. Review any proposed deletion, cache cleanup, process termination, startup change, or cron monitoring request before approving it, especially on shared or work-managed Macs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger examples are broad enough to activate on common requests such as '系统有点慢,帮我看看' or '清理一下环境', which can lead the skill to initiate diagnostic or cleanup behavior without strong scoping or confirmation. In the context of a skill that discusses environment cleanup and tuning, broad triggers increase the chance of unintended state-changing actions being proposed or executed.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly includes cleanup and tuning operations such as temporary file cleanup, cache optimization, and log management, all of which can alter system state, but it does not require explicit user consent or provide a warning before execution. This is dangerous because optimization and cleanup tasks can delete useful data, disrupt services, or change configuration in ways that are hard to reverse.

VirusTotal

66/66 vendors flagged this skill as clean.