SkillPress — 技能锻造炉

Security checks across malware telemetry and agentic risk

Overview

This looks like a skill-scaffolding helper, but its file-writing path appears under-scoped enough that users should review it before installing.

Install only if you trust the publisher and are comfortable reviewing the generated file paths. Use simple slugs with no slashes, dots, or absolute paths, and confirm where files will be written before allowing the skill to run.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 98% confidence
Finding: `slug` is used directly in `skills_dir / slug` with no validation or normalization checks, so values like `../outside` or absolute paths can escape the intended `skills` directory. Because the tool then creates directories and writes `SKILL.md` and `__init__.py`, an attacker or careless user could overwrite or plant files elsewhere on the filesystem within the process's permissions.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrase '把这个流程做成技能' is broad enough to overlap with ordinary conversation about process improvement, which can cause the skill to activate unexpectedly. In a skill that generates files and scaffolding, accidental activation could lead to unreviewed artifact creation or capture of more conversation context than the user intended.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal