Security audit

Ai Exam 授客AI智能考试

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it can create and assign exams, upload documents, query personal exam results, and bulk-target departments without enough privacy, scoping, or confirmation safeguards.

Install only if you are authorized to use the connected exam system and handle the documents, student or employee identities, and scores involved. Use least-privilege credentials, keep secrets out of chat logs and repositories, verify the configured API endpoint, confirm exact users and departments before assignment, and avoid running it where console logs may be broadly visible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding
The README promotes uploading documents, assigning exams to named users/departments, and querying individual results, but it does not warn that these operations may involve sensitive personal data, educational records, or confidential document contents being transmitted to external services. In a skill handling employee/student identities and assessment results, the lack of privacy and data-handling guidance increases the risk of misuse, non-compliant processing, and accidental exposure.

Missing User Warnings

Severity: Medium
Confidence: 91%

Finding
The documentation promotes bulk assignment and bulk result lookup for students or employees, which clearly involves personally identifiable and potentially sensitive performance data. Without privacy warnings, retention guidance, or access-control expectations, operators may use the skill in ways that expose educational or HR records to unauthorized parties or process them without adequate safeguards.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The skill instructs users to place APP_SECRET and related identifiers in configuration but provides no warning about protecting secrets or access tokens. In practice, this omission often leads to secrets being committed to source control, copied into chat logs, or exposed in shared environments, enabling unauthorized API access and downstream compromise of exam data and administrative actions.

Missing User Warnings

Severity: Medium
Confidence: 89%

Finding
The examples encourage uploading local documents for AI-generated exams but do not warn users against submitting confidential, regulated, or copyrighted material. Because the feature is specifically designed to ingest internal documents, users may inadvertently transmit sensitive educational, corporate, or personal content to external services without proper review or authorization.

Missing User Warnings

Severity: Medium
Confidence: 89%

Finding
The code bulk-fetches department members, appends every returned dept_user_id value to the assignment list, and then logs the assignment identifiers. In an organizational context this exposes internal identifiers in logs and allows broad exam assignment based on nothing more than a department-name lookup, increasing the risk of privacy leakage and overbroad actions if the logs are accessible or the inputs are mistaken or manipulated.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.