Security audit

Iciba Daily Sentence (词霸每日一句)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Iciba daily-sentence card generator; its network fetches and local file outputs are expected for that purpose.

Install only where network access to Iciba/image URLs and creation of local HTML, PNG, JSON, and metadata files is acceptable. Prefer trusted API URLs or local JSON inputs, and review the generated QR/TTS URL before sharing cards publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 82%
Finding
The workflow tells the agent to fetch remote API data, render assets, and return links to generated HTML and PNG files without clearly warning that it will create local files and use network access. This is primarily a user-consent and transparency issue: users may not expect external requests or artifact creation, which can matter in restricted or privacy-sensitive environments.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.