使用欧路词典OpenAPI，对生词本及笔记进行查询、修改等操作。

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Eudic OpenAPI skill that can read and manage vocabulary lists, notes, and corpus data using the user's API token.

Install only if you want an agent to access your Eudic OpenAPI account. Keep the API token private, avoid logging or pasting it into shared contexts, and review any rename, bulk add, or delete operation before it runs, especially if your notes or corpus contain personal information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly documents destructive operations such as deleting vocabulary lists, words, and notes, but provides no requirement for user confirmation or warning that the actions are irreversible. In an agent setting, this increases the chance of accidental or unauthorized data deletion if a user request is ambiguous or maliciously induced.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs use of an authorization token to access user study lists, notes, and corpus data, but does not disclose that personal learning data will be transmitted to a third-party API. This omission can cause privacy surprises and unsafe handling of sensitive tokens or user content in an agent workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal