Security audit

English Native Reviewer

Security checks across malware telemetry and agentic risk

Overview

This is a writing-review skill with only markdown guidance and no evidence of commands, credential access, persistence, or data sharing.

Install is reasonable if you want English polishing focused on Chinglish. Specify your preferred English variant and explanation language when using it, especially if you do not want the default en-US style or Chinese-language explanations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The skill imposes a default en-US variant when the user has not chosen one, which can override user expectations and cause silent personalization without explicit consent. This is a genuine quality/privacy-policy issue, but in this context it is low severity because it affects output preference rather than exposing secrets, executing actions, or changing system behavior materially.

Natural-Language Policy Violations

Medium

Confidence: 97% confidence
Finding: Automatically enabling Chinese explanations based on inferred user characteristics is a true vulnerability because it performs language/personalization inference without explicit user choice. This can misclassify users, reveal inferred traits, and normalize behavior based on demographic assumptions, making it more sensitive than a simple formatting default.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal