
Security audit

中医执业医师备考助手

Security checks across malware telemetry and agentic risk

Overview

This skill is a local exam-study helper that stores study progress and wrong-answer records, with no evidence of exfiltration, destructive behavior, or hidden privileged activity.

Install only if you are comfortable with local retention of study history, wrong answers, review timing, preferences, and document-cache metadata. Review or delete the skill's memory folder when no longer needed, and expect the export feature to need an OUTPUT_DIR fix before it works reliably.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium (84% confidence)
Finding
The skill defines a document-sync/read pathway that goes beyond the advertised scope of generating study plans, evaluating answers, and managing wrong questions. Even though it currently returns an instruction object rather than reading files directly, it expands the capability boundary: the host may be induced to access local documents based on parameters the skill controls.

Context-Inappropriate Capability

Medium (88% confidence)
Finding
The desktop synchronization capability is unrelated to the core exam-assistant function and would, if implemented, expand access to local user files. Unnecessary file-access features increase the attack surface and can be repurposed to exfiltrate or inventory sensitive documents under the guise of study assistance.

Missing User Warnings

Medium (90% confidence)
Finding
The skill explicitly states it persists learning progress via simple-memory, but the documentation does not clearly warn users that their study history and wrong-question data will be retained across sessions. This creates a privacy and transparency issue: users may provide sensitive study materials or personal performance data without informed consent about retention.

Missing User Warnings

Medium (87% confidence)
Finding
The export feature describes generating a Word document containing wrong-question data, but does not warn that a file will be created on disk or explain where it will be written. This can expose sensitive exam answers, notes, or learning history to other local users or to unintended directories if the output path is broadly accessible.

Missing User Warnings

Medium (92% confidence)
Finding
The memory file list reveals that the skill stores user profile data and document cache data in addition to progress and wrong questions, yet no explicit privacy warning or data minimization statement is provided. Caching uploaded document-derived information and user preferences may retain sensitive educational content longer than users expect, increasing privacy and secondary disclosure risk.

VirusTotal

66/66 vendors flagged this skill as clean.
