pengyouquan-pangyu

Security checks across malware telemetry and agentic risk

Overview

This skill locally saves WeChat-style writing samples to personalize future posts, which is privacy-sensitive but matches its stated purpose and shows no exfiltration or hidden execution.

Install only if you are comfortable with the skill retaining writing samples you provide for future personalization. Avoid pasting sensitive posts, and periodically review or clear references/posts.md and references/style.md if you no longer want the skill to remember prior writing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs the agent to immediately persist user-provided reference posts without first giving a clear storage notice or obtaining explicit consent. Because writing samples and social posts often contain personal, sensitive, or identifying information, default persistence creates a privacy risk and may surprise users who believed they were only sharing temporary context for generation.

Ssd 3

Medium
Confidence: 98%
Finding
This section mandates storing user writing samples and approved outputs in a persistent reference library, but it does not require data minimization, sensitivity screening, or user review of the exact content being retained. That creates a durable repository of personal expression that could include names, locations, schedules, emotional disclosures, or other sensitive details unnecessary for the skill's core function.

Ssd 3

Medium
Confidence: 95%
Finding
The skill's long-term accumulation model increases risk because it is specifically designed to build an evolving corpus of the user's prior posts and derived style summaries for future reuse. Even if intended to improve personalization, the more content retained over time, the greater the exposure of private habits, relationships, writing patterns, and potentially deanonymizing personal signals.

Ssd 3

Medium
Confidence: 99%
Finding
The 'Handling Incoming Reference Materials' workflow tells the agent to treat incoming past posts as saveable by default and to write them before replying, which removes meaningful consent and contextual validation. In this skill context, users may paste highly personal WeChat Moments content containing sensitive life details, so automatic ingestion materially increases privacy and retention risk.

VirusTotal

66/66 vendors flagged this skill as clean.