Security audit

读书每日推荐

Security checks across malware telemetry and agentic risk

Overview

The skill's behavior is coherent: it fetches public WeRead book-ranking data and creates local recommendation cards, with only low-impact transparency and trigger-scope caveats.

Install this if you want WeRead-based daily recommendation cards. Be aware it contacts external sites, writes output files locally, may load external fonts or cover images when opened, and should ask before enabling any recurring daily push or running on a generic book-recommendation request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill directs the agent to perform network access and read/write local files, but the metadata does not declare any permissions or capability boundaries. This weakens security review and user consent because a seemingly simple recommendation skill can fetch remote content, cache data locally, and generate artifacts without explicit disclosure.

Vague Triggers

Medium
Confidence: 83%
Finding: The trigger phrases include broad terms like '读书推荐', '推荐一本书', and 'book recommendation', which can match many ordinary user requests outside the narrow WeRead-ranking use case. Over-broad activation can cause the wrong skill to run unexpectedly, leading to unintended network fetches, file writes, and automated actions in contexts where the user did not request this specific workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.