Back to skill

Security audit

吏部

Security checks across malware telemetry and agentic risk

Overview

This is a coherent expert-skill generator, but users should be careful with private documents and output paths.

Install only if you are comfortable running local Python helpers on selected files. Use redacted or non-sensitive documents when possible, avoid sending private document text to web search, choose a safe output directory, and review the generated SKILL.md before installing or sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The instruction to '充分利用智能体的网络搜索和内容理解能力' introduces broad external data access that is not scoped to the stated local generation workflow. Unbounded search can expose user prompts or derived private context to external services, expand the attack surface for prompt-injection from web content, and pull in untrusted material without clear necessity.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases include very broad patterns such as '我需要一个XX领域的顾问', which can match ordinary requests and cause the skill to activate unexpectedly. In a skill that reads private files, writes outputs, and may perform network search, overbroad activation increases the chance of unintended data processing or workflow hijacking.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly ingests user private knowledge files and elsewhere encourages network search, but it provides no clear privacy, retention, or data-handling warning. In this context, users may provide sensitive documents believing they remain local, while the workflow leaves unclear whether content may be transmitted externally or stored in generated artifacts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script prints extracted content from a user-supplied private document directly to stdout as part of its JSON result. In agent or automation environments, stdout is commonly logged, captured by orchestration layers, or shown to other components, which can unintentionally disclose sensitive personal or proprietary data. The skill context explicitly handles '用户私有知识' (user private knowledge), which makes this exposure more dangerous rather than less.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.