Ruankao Essay Writing | 软考论文写作

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a writing-guidance skill with a broad activation phrase issue, but there is no evidence of hidden access, persistence, credential handling, destructive behavior, or data exfiltration.

This looks acceptable to install for its stated writing-help purpose. Be aware that it may activate for general paper-writing or revision requests, so check that the skill is being used in the intended exam-essay context before relying on its output.

Publisher note

覆盖软考系统架构设计师论文写作全流程（项目准备→试题分析→提纲撰写→摘要撰写→正文填充→检查校对），提供 SCQA 框架、金字塔原理、素材库建设等专业指导。当用户提到"帮我写论文""论文指导""如何准备论文""改论文""论文提纲""论文模板"等涉及论文写作的需求时触发。不适用于论文评分（那是 ruankao-essay-scoring 的职责）。

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger phrases include very broad expressions such as “帮我写论文”, “论文指导”, and “改论文”, which can match many general writing or academic-assistance requests outside the intended soft-exam architecture-essay context. This can cause unintended skill activation, leading to scope confusion, inappropriate responses, or routing sensitive/irrelevant user content into a specialized workflow that was not meant for it.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal