Reading Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk placeholder skill with Chinese documentation and no implemented sensitive behavior, but it likely will not provide useful reading-assistant features yet.

Install only if you understand this version is essentially a placeholder. It appears security-benign, but users should not rely on it for real reading assistance, querying, or report generation until the publisher ships an implemented version and clearer multilingual metadata if needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: The manifest description is written entirely in Chinese and appears to assume a specific language context without indicating user choice or multilingual support. This can cause the agent to invoke the skill for users who did not opt into that locale, leading to confusing or misleading behavior and reducing transparency about what the skill does.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal