中国学生教科书目录

Security checks across malware telemetry and agentic risk

Overview

This skill is a small textbook-directory lookup tool with disclosed, user-triggered local data updates and no executable code or network behavior.

Install if you want a local Chinese textbook contents lookup. Before using the add-new-book workflow, confirm the book name and keep writes limited to the skill's textbooks folder; do not let arbitrary user text choose paths or overwrite existing files without review.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill is described as a read-only textbook lookup tool, but the documentation also instructs the agent to accept user-provided content and write new JSON files into the skill data directory. This creates a scope/permission mismatch that can enable unauthorized persistence, data tampering, or abuse of the skill as a file-writing primitive if the runtime permits writes.

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The documentation first directs use of the read tool directly, then later adds behavior that writes files as part of normal skill operation. Mixed read/write guidance increases the chance an agent will overreach its intended permissions, and if tool access is available it could be induced by user input to persist attacker-controlled content.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal