Back to skill

Security audit

Chatmosp Msr Generator

Security checks across malware telemetry and agentic risk

Overview

This skill coherently runs a disclosed ChatMOSP structure-generation workflow and sends the generated images to the user, with no evidence of hidden persistence, credential theft, or destructive behavior.

Before installing, confirm you are comfortable with the skill running the local mosp-for-chatMOSP Python scripts and sending generated structure PNG/GIF files through Feishu. Verify the Feishu recipient or channel for confidential work, and the publisher should clean up the language-routing comments to avoid operator confusion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The language-routing block is internally inconsistent: it appears in `SKILL_cn.md` but instructs the agent to read `SKILL_cn.md` for English users and to continue using `SKILL.md` for Chinese users, while also labeling the current file as the Chinese authority. This creates ambiguous control flow and can cause the agent to load a different instruction file than the user would reasonably expect, enabling instruction shadowing or bypass of review if paired documents diverge.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.