知乎发帖-谷歌浏览器

Security checks across malware telemetry and agentic risk

Overview

The skill is open about publishing Zhihu articles, but it can automatically post under a logged-in account without a fresh confirmation step.

Install only if you want an agent to publish real Zhihu column articles from your logged-in Chrome profile. Prefer using explicit preview or draft wording unless you are ready to post, and consider editing the skill to require confirmation before --submit.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger list includes broad natural-language phrases such as 帮我发帖 and 自动发知乎 that can match ordinary conversation and unintentionally activate a skill that performs real external actions. Because this skill is configured to publish content, accidental invocation can lead directly to unauthorized posting from an already logged-in account.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The workflow explicitly says the default for normal requests is to skip checks and go straight to --submit, meaning the agent will perform a real publication without a dedicated confirmation barrier. In a session-attached browser context, this can cause irreversible posting under the user's account due to misunderstanding, prompt injection, or accidental trigger matches.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal