Back to skill

Security audit

教育资源下载助手

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malware, but it gives practical help for bulk downloading and bypass-style troubleshooting on education platforms, so it needs user review.

Install only if you intend to use it for content you are clearly allowed to download. Prefer official offline/export features, verify any GitHub tools before running them, and avoid using cookie/session handling, User-Agent changes, m3u8 extraction, or anti-rate-limit troubleshooting to bypass platform rules or access controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The skill presents itself as compliant and says it will not generate crawler code, but it then provides concrete guidance for downloading protected platform resources using downloader tools, scripts, cookie refresh, anti-rate-limit tuning, User-Agent configuration, and m3u8 extraction. This contradiction increases the likelihood that the skill will be used to automate unauthorized content retrieval while giving users a false sense of policy safety.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The trigger behavior explicitly tells the agent to generate a download script, despite earlier claims that AI should only help with configuration and not automate retrieval. In practice this enables one-command downloading workflows for third-party educational platforms, lowering the barrier to repeated or unauthorized copying of copyrighted material.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrase for 'download education courses' is broad enough to activate on many ordinary requests, causing the skill to steer users toward scraping, downloader tools, and extraction workflows even when the user's intent and authorization are unclear. Broad activation increases accidental misuse and widens the set of situations in which the agent may facilitate policy-violating or unauthorized downloading.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The condition 'write a download script' lacks guardrails about platform authorization, allowed content, or acceptable automation level. That ambiguity makes it easy for users to obtain scripts that automate retrieval from services with access controls, rate limits, or contractual restrictions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.