Back to skill

Security audit

效率操作系统(中文版)

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only Chinese productivity template that keeps planning and income-tracking notes locally, with no code execution or external data transfer found.

Install only if you want a local file-backed productivity system. Keep its folder private, avoid storing secrets, and be careful with real income, client, or platform details because those notes will persist on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The quick-query triggers are broad, everyday phrases like '今天干啥' or '本周计划' that can easily appear in normal conversation and unintentionally activate file reads or workflow actions. In a skill that maps these phrases directly to local productivity files and operational flows, ambiguous activation increases the risk of unintended data access or modification.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs creation of a directory tree and repeated updates to multiple local files, but it does not provide a prominent, explicit warning that using the skill will write to the user's filesystem. This is dangerous because users may trigger setup or routine flows expecting advice, while the agent performs persistent local state changes that can overwrite notes, create sensitive records, or expand stored personal data without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.