智能错题本

Security checks across malware telemetry and agentic risk

Overview

This tutoring skill is coherent, but it records and shares detailed student mistake and learning-profile data without clear consent, retention, or opt-out controls.

Install only if you are comfortable with a skill that maintains a long-term student mistake profile and shares selected records with related learning-analysis and reminder skills. For student or minor use, require explicit consent, crop personal details out of images, and prefer local-only or no-share operation unless retention, review, and deletion controls are available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The skill description uses broad trigger phrases such as '帮我分析错误原因' and references common student behaviors like sending a problem image or saying they got a question wrong. Without tighter qualifiers, the skill may activate in conversations that only seek general tutoring, causing unnecessary collection, storage, and downstream sharing of student data. In this context, over-triggering is more dangerous because the skill persists records and coordinates with other skills.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger section lists many overlapping educational scenarios but does not define when this skill should defer to other tutoring, homework help, or subject-specific skills. That ambiguity can cause unintended invocation, duplicate handling, and excessive data retention or sharing across skills. Because this skill writes structured archives and triggers reminders, a false activation has privacy and workflow consequences beyond a harmless UX issue.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
This section defines persistent archival of detailed student learning data and later sharing with other systems such as reminders, DNA profiles, and reports, but it does not clearly inform the user that their answers, status, history, and derived weakness labels will be stored and shared. For minors or students, this creates a significant privacy risk because sensitive educational profiling is built beyond the immediate tutoring interaction. The skill context makes this more dangerous, not less, because it systematizes longitudinal tracking and categorization of a student's weaknesses.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill states that image extraction depends on multimodal models or local OCR services, but it does not notify the user that uploaded images may be processed by those components. Users may unknowingly submit homework sheets or photos containing names, school information, or other personal content. In a student-facing skill, failing to disclose image processing is a meaningful privacy issue.

Ssd 3

Severity: Medium
Confidence: 97%
Finding:
The skill instructs long-term collection of detailed student records, including answers, inferred root causes, mastery state, warning state, and subject-specific weakness metadata, then links that data to other skills and reports. This exceeds immediate tutoring needs and creates educational profiling risks, especially when the user may be a minor. The danger is amplified by the accumulation of historical patterns and labels such as '顽固弱项' that may persist without clear consent or lifecycle controls.

Ssd 3

Severity: Medium
Confidence: 98%
Finding:
The handover workflow explicitly forwards student answers, correct answers, question summaries, conversation fragments, anxiety signals, and related history to another skill. This is cross-component sharing of sensitive student-derived data without visible consent, minimization, or safeguards, increasing the risk of overexposure and secondary use. In this educational context, transmitting anxiety-related signals is especially sensitive because it crosses from tutoring into behavioral profiling.

Ssd 3

Severity: Medium
Confidence: 98%
Finding:
The physics handover mirrors the same privacy issue by requiring transmission of user answers, history references, judgment clues, and dialogue fragments to another skill without explicit privacy guardrails. This creates unnecessary propagation of student data across system boundaries and enlarges the attack surface for misuse or accidental exposure. Because the workflow also transmits inferred diagnostic information, it can deepen profiling beyond what the user likely expects from a single help request.

VirusTotal

64/64 vendors flagged this skill as clean.
