Back to skill

Security audit

PCB设计助手

Security checks across malware telemetry and agentic risk

Overview

This PCB design skill is coherent and disclosed, but users should review manufacturing files before using them for fabrication or ordering.

Install only if you want an agent to help operate PCB/EasyEDA workflows and generate manufacturing packages. Before ordering or fabricating, manually review schematics, footprints, DRC/ERC results, BOM availability, electrical safety, and cost-sensitive choices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list is broad and includes generic terms such as pcb, bom, schematic, and gerber without clear activation boundaries. This can cause the skill to activate in loosely related contexts and push high-impact design or production workflows when the user did not explicitly ask for manufacturing-oriented assistance, increasing the chance of unintended tool use or unsafe downstream actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill defaults to producing BOM/CPL/Gerber and describes a direct path to ordering, but it does not prominently warn users that these outputs can be used for real fabrication and assembly. In a hardware-production context, silent default generation of manufacturing artifacts can lead to accidental procurement, fabrication of flawed designs, cost loss, or physical/electrical safety issues if users mistake draft outputs for validated production files.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.