智能钓鱼选点分析助手

Security checks across malware telemetry and agentic risk

Overview

This fishing helper is coherent, but it automatically reads precise photo GPS data and sends coordinates for weather lookup without clear user-facing consent.

Review before installing if you do not want uploaded photos checked for precise GPS metadata. Prefer using city or district-level location, and avoid uploading original photos with GPS EXIF when sharing sensitive fishing spots or private locations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill instructs automatic extraction of EXIF GPS coordinates from uploaded photos without first obtaining explicit, user-facing consent or warning that precise location metadata may be read. GPS EXIF data can reveal a user's exact whereabouts or habitual fishing locations, creating meaningful privacy and safety risks, especially when later combined with external weather requests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal