
Security audit

Multi-Agent Joint Research Framework (多智能体联合研究框架)

Security checks across malware telemetry and agentic risk

Overview

The skill discloses cloud synchronization of research results, which fits its workflow but requires care with sensitive material.

Before installing, confirm which cloud storage location is used, what files or notes are uploaded, and whether you can disable sync or keep sensitive research local.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly states that results are automatically synchronized to a specified cloud storage location, but it does not mention user consent, data classification, destination validation, or privacy/security controls. In a multi-agent research workflow, outputs may include sensitive research data, intermediate notes, citations, or proprietary project material, so silent or default external transmission creates a real data exfiltration and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.