达鑫车队加气记录

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill that formats fleet refueling records into CSV files, with the main caution that it saves business data to a fixed Desktop path.

Install this only if you want the agent to handle fleet refueling and accounting details. Before running it, confirm the save location instead of blindly using the hard-coded Desktop path, and treat the generated CSV files as sensitive business records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill is configured to write files directly to a fixed desktop path on the host system without any user-facing warning, confirmation, or apparent path safety control. This can cause unintended local file creation containing potentially sensitive operational data, and a fixed write location increases the risk of privacy leakage, overwriting expectations, or misuse in environments where the agent has filesystem access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal