book-write

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language novel-writing workflow skill with local Markdown project files and no hidden code execution or credential use.

Install this if you want a structured Chinese-language long-form fiction workflow. Use it in a dedicated project folder, review proposed file changes before confirming them, and avoid putting private story details into web-search queries unless you are comfortable sharing those terms with a search provider.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The activation description is broad enough to match many ordinary writing requests, causing the skill to engage outside its intended scope. That can override more appropriate system behavior and impose its rigid workflow, file-management rules, and external-search guidance on users who only wanted lightweight writing help.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill is written to operate in Chinese throughout and does not offer a user-language choice or explain a necessary locale restriction. If activated for users in other languages, it can degrade usability, cause misunderstanding of instructions, and increase the chance of incorrect or unsafe handling of user requests due to language mismatch.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal