Security audit

帮助小白记录环境变量，如电脑遇到不可知问题，可以优先访问log排查问题

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only helper for tracking environment-variable changes and beginner troubleshooting, with no hidden code or install-time behavior.

Safe to install as a lightweight instruction skill. Before using it for real environment changes, ask the agent to show the exact change and a rollback plan, and tell it to redact API keys, tokens, passwords, and other secrets from any local change log.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list includes very broad phrases like '看看是什么问题' and '帮我查下日志', which are common in general troubleshooting conversations and can cause this skill to activate unintentionally. Because the skill steers behavior toward environment-variable changes and log-focused investigation, accidental invocation could redirect an agent into modifying system configuration or disclosing diagnostic details in situations where that scope was not explicitly requested.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.