Security audit

Shanku Paolu 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill is a local file-scanning and ZIP backup helper, but it is framed around pre-resignation file collection and uses remote browser scripts despite local-only claims.

Only install this if you intend to use it for files you own or are explicitly authorized to export. Do not use it for employer, customer, confidential, regulated, or offboarding data without written permission. Be aware that opening the scanner loads third-party CDN scripts, so the 'local-only' privacy claim is incomplete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The documentation asserts the tool is 'zero dependency' and that files never leave the local machine, yet later states it relies on external CDN-hosted libraries and network access. That mismatch can mislead users into trusting the tool with sensitive files under false assumptions, and CDN-loaded JavaScript introduces a supply-chain and data-exposure risk inconsistent with the stated privacy model.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The manifest markets the skill as a pure single-file, zero-dependency local backup/scanning tool, but the same document later discloses dependence on external CDN libraries. This creates a deceptive trust boundary: users may believe they are using an offline local-only tool when in reality remote code may execute in the browser, increasing exposure to tampering or unexpected network interactions.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill metadata and UI claim a zero-dependency, local-only single-file tool, but the page loads executable JavaScript from multiple remote CDNs. That means opening the file causes network access and trusts third-party code execution in the same origin as the file-processing logic, so a compromised CDN, tampered dependency, or version drift could exfiltrate selected files or file metadata despite the local-processing claim.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The safety notice explicitly assures users that files are handled locally and not uploaded, but the page still downloads and executes remote scripts before any processing occurs. In a file-scanning and packaging tool meant for '离职备份/删库跑路' ("resignation backup / delete the database and run") scenarios, this misleading assurance increases the likelihood that users will expose sensitive corporate documents to supply-chain compromise or malicious script behavior.

Vague Triggers

High
Confidence: 95%
Finding
The trigger phrases are broad enough to activate on ordinary requests about backup, file scanning, or organization, but the skill's purpose is framed around pre-resignation file collection. That broad activation scope increases the chance the agent will inappropriately steer routine user interactions toward bulk scanning and packaging of files, including potentially unauthorized workplace data.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill encourages users to scan directories and package selected files for download without any privacy, authorization, or sensitive-data handling warnings. In the context of workplace resignation and bulk file discovery, this omission materially increases the risk of unauthorized collection of confidential documents, personal data, or regulated information.

Ssd 4

High
Confidence: 98%
Finding
The skill is explicitly branded and described for use in a pre-resignation context, including the phrase '删库跑路' ("delete the database and run"), which strongly signals unauthorized data collection or destructive insider behavior. In that context, a tool for scanning and backing up files is materially more dangerous because it normalizes and facilitates bulk removal of workplace data under the guise of routine organization.

Ssd 4

High
Confidence: 98%
Finding
The workflow provides concrete operational steps to locate a prepared scanner on the desktop, open it, scan folders, select files, and package them for download. Because the surrounding context is employee departure and file backup, these instructions function as procedural enablement for bulk collection and possible exfiltration of sensitive organizational data.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.