Matplotlib Chinese Font

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Matplotlib font troubleshooting guide; its main risk is a disclosed cache-clearing step that deletes local Matplotlib cache files.

Install only if you need help with Chinese font rendering in Matplotlib. Before running the cache-clearing command or helper script, understand that it deletes local Matplotlib cache files so they can be rebuilt; try listing or testing fonts first if you only need diagnosis.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The skill includes a destructive shell command to delete a user cache directory without any explicit warning, confirmation step, or safer alternative inline. Although the target path is limited to Matplotlib's cache, presenting `rm -rf ~/.matplotlib` in documentation can normalize unsafe deletion practices and may lead users or agents to run it blindly.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The troubleshooting guide recommends deleting the matplotlib cache with a destructive shell command but does not warn users about what will be removed, the scope of the path, or safer alternatives. While `rm -rf ~/.matplotlib` is narrower than a full home-directory wipe, normalizing recursive deletion commands in documentation can still lead to accidental misuse, path expansion mistakes, or cargo-cult copying in privileged contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal