动态提示生成服务 (Dynamic Prompt Generation Service)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is not clearly malicious, but it asks for and stores an API key, sends user project or bug details to an external service, and contains mismatched copied references that make its real scope hard to trust.

Review this before installing. Only use it if you are comfortable giving a xiaobenyang API key to the skill, storing that key in a local .env file, and sending prompt-generation inputs such as project context, codebase analysis details, or bug reports to the remote service. Avoid pasting secrets, customer data, incident details, or proprietary architecture until the publisher removes the copied gaokao/school-search references, documents the remote data flow, and improves secret storage.

SkillSpector (17 findings)

By NVIDIA

Description-Behavior Mismatch
Severity: Medium
Confidence: 92%
Finding: The skill claims to assemble prompts/templates, but the documentation requires a remote API key and external API usage to obtain results. This expands the trust boundary beyond a local assembly tool and creates hidden risks around credential handling and external data disclosure.

Description-Behavior Mismatch
Severity: High
Confidence: 96%
Finding: The project structure and workflow contain unrelated 'gaokao' and school-search references, indicating copied or mixed functionality inconsistent with the advertised service. Such inconsistencies are risky because they suggest poor change control and raise the chance of unintended API calls, data handling, or latent functionality outside user expectations.

Intent-Code Divergence
Severity: High
Confidence: 95%
Finding: The example tool invocation uses a school-search function that conflicts with the declared prompt-generation toolset. This inconsistency can cause an agent or integrator to call the wrong function, potentially sending user input to an unintended backend or exposing unrelated data flows.

Description-Behavior Mismatch
Severity: Medium
Confidence: 87%
Finding: The module handles persistence and retrieval of an API key for a different-looking service domain ('高考' / xiaobenyang) than the declared skill purpose ('动态提示生成服务'). This mismatch is a supply-chain red flag because it can cause operators to expose credentials to unexpected backends or bundled functionality they did not intend to trust.

Context-Inappropriate Capability
Severity: Medium
Confidence: 91%
Finding: The skill provides local credential persistence by writing the API key into a plaintext .env file without strong justification from the declared functionality. Persisting secrets expands their lifetime and attack surface, making accidental disclosure via local file access, backups, repository inclusion, or later exfiltration more likely.

Missing User Warnings
Severity: Medium
Confidence: 96%
Finding: The skill instructs the agent to collect a user API key and persist it via configuration without warning about storage location, retention, or exposure risks. Collecting and retaining secrets without transparent handling guidance can lead to credential leakage, unintended reuse, or compromise of the user's external account.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: The instructions tell the agent to directly reorganize and display raw API response data, but raw responses may include sensitive, malformed, or adversarial content. Without filtering or schema enforcement, the skill can leak confidential data or propagate unsafe output directly to users.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The function persists an API key to .env automatically and silently, with no user-facing confirmation or warning that the secret will be stored on disk. This can surprise users into leaving long-lived credentials in plaintext locations that may be readable by other tools, users, backups, or source control workflows.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The function forwards user-supplied project context and analysis parameters to an external API via call_api without any visible disclosure, consent flow, or minimization controls in this file. Because these inputs may contain proprietary requirements, architecture details, or other sensitive business data, silent transmission creates a real data-exposure risk, especially in an AI prompt-generation service where users may paste confidential material.

Missing User Warnings
Severity: Medium
Confidence: 87%
Finding: This API wrapper sends analysis inputs externally with no evidence here of notice, opt-in, or sensitivity filtering. Codebase analysis requests often include internal stack details and operational context; forwarding them to a remote endpoint can expose sensitive metadata or proprietary implementation information if users assume processing is local.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: The bug-analysis path transmits bug_context to an external API, and bug reports frequently contain stack traces, tokens, URLs, customer data, or incident details. Sending that material off-box without an explicit warning or sanitization step materially increases the chance of confidential data leakage and can worsen the impact during active incidents.

Ssd 3
Severity: Medium
Confidence: 97%
Finding: The skill explicitly directs the model to ask for a sensitive credential and store it for later use. In the context of an agent skill, this is dangerous because it normalizes secret collection through natural-language prompts and may capture credentials in conversation history, logs, config files, or other insecure storage.

Ssd 3
Severity: Medium
Confidence: 94%
Finding: Telling the model to directly display reorganized raw API data encourages unreviewed propagation of upstream content to the user. In this skill context, where data comes from an external service and the skill already has inconsistent documentation, that increases the risk of leaking unexpected sensitive content or relaying prompt-injection-style payloads from the API.

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content (the scanned requirements list, shown once; all four findings below refer to it):
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Findings (one per unpinned requirement):
requests>=2.31.0 (confidence: 97%)
pydantic>=2.7.0 (confidence: 97%)
pydantic-settings>=2.2.0 (confidence: 96%)
python-dotenv>=1.0.1 (confidence: 96%)

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
