Back to skill

Security audit

交互式生成公众号文章

Security checks across malware telemetry and agentic risk

Overview

This is a single-file WeChat article-writing helper with optional user-directed exports, not a hidden or privileged tool.

Install only if you are comfortable using it as a writing assistant that may create local article/export files when asked. Before exporting, choose a clear filename and location, check for existing files, review facts and claims before publishing, and follow any platform or workplace rules about AI-assisted content disclosure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly claims it will generate and save files such as "配图方案.md" and export a DOCX, but it does not disclose where files are written, whether existing files may be overwritten, or require clear user confirmation on filesystem side effects. In an agent environment, undocumented local file writes can surprise users, leak content into shared workspaces, or overwrite existing documents, making this a real safety issue even though it is not overtly malicious.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.