Security audit

Book Deep Study

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only book study skill with no executable behavior, though it is deprecated and mostly Chinese-language.

Before installing, note that this version is mainly a deprecated pointer plus Chinese-language study references. Confirm which canonical skill will actually run, and avoid providing private PDFs, screenshots, or notes unless you are comfortable having the agent process that material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The file’s operational instructions are written as direct behavior requirements in Chinese, beginning with an instruction to adopt a specific role, and the entire response template is defined only in Chinese. This effectively imposes a language/locale choice on the interaction without any user opt-in or documented justification, which matches the language-policy violation criterion.

VirusTotal

66/66 vendors flagged this skill as clean.