Math Review Material Generator

Security checks across malware telemetry and agentic risk

Overview

This skill creates local math review HTML files and runs local validation scripts, with disclosed but somewhat broad file-writing and memory behavior users should understand.

Install this only if you want a skill that writes HTML review documents into your current workspace, runs its bundled Python validators on those documents, and records a short local memory entry afterward. Use explicit requests for generated files, and disable or avoid the memory step if you do not want task paths or summaries retained locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The skill mandates writing persistent work-memory records after every task, including file paths, content summaries, and issue history, even though this is not necessary to fulfill the user's request for a math review HTML file. This creates avoidable data-retention risk and can leak user content or workspace metadata into a long-lived store without clear consent or minimization.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The trigger phrases are broad enough to match ordinary math-help requests, which can cause the skill to activate unexpectedly in unrelated conversations. Because this skill automatically generates HTML output, overbroad activation increases the chance of unintended file generation or the model choosing this workflow when a simpler, safer response would have been more appropriate.

Missing User Warnings

Severity: Low
Confidence: 77%
Finding:
The README does not clearly disclose that the skill will automatically generate and deliver HTML files, which can surprise users and reduce informed consent around side effects. While not directly enabling code execution by itself, hidden file-generation behavior can lead to unsafe assumptions about what the assistant will produce and when.

Vague Triggers

Severity: High
Confidence: 89%
Finding:
Allowing the skill to be invoked 'in any conversation' makes activation overly broad and increases the chance it will run in contexts where the user did not intend file generation, validation, or memory writes. Broad triggers raise the risk of surprise side effects and misuse, especially because this skill writes files and performs local reads.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The listed trigger phrases are common tutoring requests that can appear in ordinary educational conversations, so the skill may activate when the user only wants advice or short answers rather than filesystem operations and document generation. Because the workflow includes writing files and persistent records, ambiguous triggering materially increases the chance of unintended actions.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill specifies saving output to the current working directory and later writing persistent memory records, but it does not require a user-facing warning or confirmation before modifying local storage. Hidden or surprising writes are risky because users may not expect files to be created in their workspace, and the current directory may contain sensitive or project-critical material.

VirusTotal

66/66 vendors flagged this skill as clean.