Back to skill

Security audit

财富认知操作系统Skills Pack

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a business and wealth-advice prompt pack, but it includes overbroad local file permissions that could expose private notes and user profile data.

Review this carefully before installing. The content itself is mainly advisory, but remove or narrow .claude/settings.local.json permissions unless you intentionally want the agent to read broad local drives and search for private note repositories. Also treat the business guidance as a framework, not professional legal, tax, investment, or ethics advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill requests broad read access to multiple user drives and explicitly searches for note repositories such as 'biji', '笔记', and '.obsidian', which can expose large amounts of sensitive personal or business information unrelated to providing wealth advice. In this skill context, the scope is not justified by the declared functionality, and the combination of filesystem discovery, unrestricted reading, and WebSearch materially increases the risk of privacy invasion, prompt/data exfiltration, or misuse of confidential notes.

Vague Triggers

High
Confidence
95% confidence
Finding
The skill description advertises automatic activation for very broad terms like赚钱、生意、营销、投资、管理、人脉、时间管理, which are common across many ordinary conversations. This can cause unintended invocation, unnecessary context loading, and overreach into sensitive financial or business advice domains without clear user intent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The routing rules rely on ambiguous natural-language triggers such as 怎么卖, 我自己, or 看不懂, which are too generic to safely determine when this skill should take control. In practice, this increases the chance of accidental activation or misrouting, especially because the skill covers finance, marketing, strategy, and personal branding topics.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
Forcing Chinese output by default without considering user preference can override the user's requested language and reduce transparency or usability. While not a direct code-execution risk, it is a policy/control weakness because it can interfere with user intent and make compliance or safety messaging less understandable to some users.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
The document explicitly presents a deceptive growth tactic as an example: using operators to impersonate legitimate participants during cold start ('自己当托'). Even if framed illustratively, this normalizes fraudulent user manipulation and could lead operators to deploy fake accounts, misrepresentation, and trust abuse in real products.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.