Back to skill

Security audit

TRAE指挥官

Security checks across malware telemetry and agentic risk

Overview

This skill is aligned with automating TRAE, but it can create files, launch an IDE, and submit prompts through desktop automation with weak targeting and approval safeguards.

Install only if you intentionally want a local TRAE automation controller. Use it in a fresh or version-controlled project directory, confirm the TRAE executable path and focused window before auto-send, avoid secrets in prompts, and review generated changes before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documents capabilities to launch processes, read and write project files, and interact with the desktop, but it declares no permissions. That mismatch is dangerous because it hides the true execution surface from any permission or consent model, increasing the chance of silent file modification, shell/process execution, and unintended access to local data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document promotes automatic prompt sending via GUI automation and persistent config/file creation, but provides no warning that these actions can interact with the user's desktop, modify files, and trigger unintended operations. In an agent skill context, omission of consent and safety guidance is risky because users may invoke automation expecting a passive helper rather than a tool that actively controls applications and writes to disk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Advertising a 'one-click' flow that creates project structure, launches the IDE, and sends prompts automatically increases the chance of accidental execution without informed user consent. In this skill's context, the orchestration role makes the behavior more dangerous because users are encouraged to delegate multi-step development tasks, amplifying the impact of mistaken launches, unintended file writes, or prompt injection into the target IDE.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation criteria are broad enough to trigger on ordinary software-help or planning requests, increasing the chance that an automation-heavy skill runs when the user only wanted advice. In this skill's context, mistaken invocation is more dangerous because the documented behavior includes launching an IDE, creating files, and sending prompts automatically.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill promotes one-line automation that creates files, launches an IDE, and injects prompts, but it does not present a prominent warning or consent checkpoint before system-modifying actions. In an agent environment, this can lead to unexpected local changes and process execution from a seemingly informational skill, making accidental misuse significantly more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code copies arbitrary prompt text to the system clipboard and immediately pastes it into another application without warning the user that sensitive content may be exposed. Clipboard contents are globally accessible to other local processes and may persist after use, creating a realistic confidentiality risk for prompts containing credentials, proprietary code, or internal requirements.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The generated prompt explicitly instructs the downstream agent to work autonomously, create files, and proceed without user confirmation, while the helper wraps this into a near one-click workflow. In an orchestration skill, that increases the chance of unintended file creation or modification in the target project without informed user approval.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.