Story Long Scan

Security checks across malware telemetry and agentic risk

Overview

This skill coherently scrapes public web-novel ranking pages and writes scoped Markdown analysis outputs for the user.

Install if you are comfortable with a skill that fetches public ranking pages, drives a browser-CDP session for some sites, and saves Markdown reports into the output directory you choose. Use a dedicated output folder and be cautious about running CDP scraping against a browser profile logged into sensitive accounts.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 84% confidence
Finding: The skill presents itself as analysis-only, but it directs the agent to create and write a `选题决策.md` file in an output directory. Undisclosed file creation is a real security-relevant side effect because it can modify the local workspace and persist derived content without clear prior user consent. The danger is moderate rather than high because the writes appear scoped to expected output, not arbitrary filesystem manipulation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal