Back to skill

Security audit

Yao Tutorial Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent tutorial-building skill that writes local tutorial outputs and may use external research, with no hidden persistence, credential use, or unrelated system access found.

Install only if you want an agent to read the materials you provide, perform targeted web research when needed, and generate local research notes, visuals, screenshots, and export files. Review outputs before sharing, especially because internal provenance is kept in research files while public exports intentionally hide internal source IDs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly states that the skill may fetch external sources when user material is insufficient and will generate multiple local output files, but it does not warn users about network access, remote content ingestion, or filesystem writes. In an agent setting, this can lead to unexpected data egress, unreviewed retrieval from untrusted sources, and silent creation of artifacts on disk, which increases privacy and supply-chain risk even if the behavior is intended.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger examples are broad and heterogeneous, so the activation boundary for the skill is underspecified. This can cause the skill to trigger on adjacent requests it was not intended to handle, leading to misrouting, unintended execution paths, or application of the skill in contexts with different safety expectations.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The display name and default prompt describe a very broad capability: researching any topic and transforming many input types into polished tutorial outputs. This can cause the skill to activate for generic education, writing, summarization, or research requests beyond a narrowly intended scope, increasing the chance of accidental invocation and unexpected handling of untrusted user-provided sources.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The default prompt hard-codes output requirements like '第1章/1.1 headings' and a centered HTML report without asking for user preference. While not a direct code-execution issue, it can force a locale and formatting choice that conflicts with user expectations, causes misleading output, or reduces accessibility and usability in contexts requiring different language or style conventions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The phrase "any topic" creates an overly broad activation scope with no explicit exclusions for hazardous, regulated, or disallowed subject matter. In a skill that performs multi-source research and produces polished tutorial outputs, this can enable generation of high-quality instructional material for unsafe or policy-sensitive topics unless downstream safeguards are explicit.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.