Back to skill

Security audit

LLM助手中枢

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent document-analysis prompt, but it exposes shell execution despite saying no command-line capability is needed.

Review before installing. The document-analysis instructions themselves look purpose-aligned, but the publisher should remove exec or clearly justify and constrain it; install only if you are comfortable with the agent having shell execution available while using this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The manifest exposes the exec tool even though the skill is described elsewhere as a pure Markdown, no-tool workflow. This capability mismatch is dangerous because any agent honoring the manifest may permit shell execution during use, expanding the attack surface well beyond what users and reviewers would reasonably expect.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The dependency section explicitly states that no command-line execution is needed, but the manifest still enables exec. This inconsistency can mislead users, reviewers, and automated policy systems into trusting a skill that actually has code-execution capability, which could be abused if later prompt content steers the agent into running commands.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.