雄韬B2B数字化基因诊断

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed B2B diagnosis/report generator. Its main risk is that the PDF export step installs and runs Playwright locally (with a Chromium download); the scan found no hidden data theft or destructive behavior.

Install only if you are comfortable with Playwright being installed and Chromium being downloaded for PDF export. Generate reports in a dedicated folder, review filenames before running export, and add privacy/access-control language if you use the generated mini-program, file-upload, or customer-report recommendations in a real business system.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill instructs the agent to install software, write files, copy assets, and invoke CLI commands to render PDFs, which expands privileges far beyond a text-only diagnosis workflow. Even if intended for convenience, this creates unnecessary local execution and file-system side effects that could be abused if inputs such as file names, paths, or templates are manipulated, and it normalizes unsafe command execution in a conversational skill.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill directs runtime download of Chromium via Playwright, introducing network access and executable browser components that are not necessary for the core diagnosis function. This increases the attack surface, creates supply-chain and environment-manipulation risk, and can trigger unexpected downloads/execution in contexts where users only asked for advisory analysis.

Vague Triggers

Medium
Confidence: 82%
Finding
The auto-activation trigger list contains broad, common phrases such as '数字化' (digitalization), '官网怎么做' (how to build an official website), and '小程序' (mini-program), making unintended invocation likely in ordinary conversation. Overbroad triggering is dangerous because it can cause the skill to take over interactions unexpectedly and, in this case, may steer users into unnecessary file-generation or install flows tied to the skill.

Missing User Warnings

Medium
Confidence: 91%
Finding
The markdown prescribes creating HTML/PDF files, copying CSS, verifying output, and optionally deleting temporary files, but it does not provide prominent safety boundaries or user-facing warnings about local writes and subprocess execution. Hidden or under-disclosed file and process side effects undermine informed consent and can surprise users or operators, especially in environments where agent actions are expected to remain conversational.

Missing User Warnings

Low
Confidence: 88%
Finding
The content explicitly proposes collecting company email addresses in a mini-program to deliver white papers, but provides no notice about privacy, consent, retention, or how the data will be used. In a B2B lead-generation context this can still create compliance and trust risks, especially if emails are later reused for marketing without clear disclosure.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill recommends an online DFM submission flow where customers upload 3D drawings for automated assessment, but it provides no guidance on confidentiality, retention, access control, or IP handling. In this B2B manufacturing context, CAD files and product drawings are often highly sensitive trade secrets, so omitting privacy and data-protection controls can expose valuable customer intellectual property.

Missing User Warnings

Medium
Confidence: 91%
Finding
The proposed customer-facing lifecycle traceability feature includes access to processing nodes and inspection reports, but the content does not mention authorization boundaries, tenant isolation, or redaction of sensitive production data. In industrial manufacturing, detection reports and process milestones may reveal specifications, quality thresholds, suppliers, and production status, making unintended disclosure commercially damaging.

VirusTotal

64 of 64 vendors reported this skill as clean.