Security audit

CNKI Advanced Search (知网高级检索)

Security checks across malware telemetry and agentic risk

Overview

This skill automates CNKI searches and saves exported research results locally, which matches its stated purpose, though users should supervise file output and any fallback spreadsheet generation.

Install only if you are comfortable with an agent operating CNKI in a browser, sending your search keywords to CNKI, and saving exported research files under Downloads. Confirm the keyword expansion, export count, output path, and whether the Python-to-Excel fallback may be used before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill goes beyond browser-based CNKI export by instructing the agent to move or copy downloaded files into a user directory with a renamed path. That introduces local filesystem side effects not clearly disclosed in the skill purpose, increasing the chance of unintended file creation or modification on the host.

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill advertises exporting CNKI results as a Word document, but the fallback permits generating an Excel file with Python. This is a capability expansion from browser automation into arbitrary local file generation, which can bypass user expectations and broaden the attack surface.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
Allowing Python to generate a local Excel file is not necessary for the declared task of CNKI browser automation and Word export. Introducing code execution and local artifact creation creates unnecessary filesystem and execution risk, especially if the agent environment has broader access than intended.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill directs the agent to download, rename, and move Word files locally without a clear user-facing warning that local files will be created and modified. This undermines informed consent and can lead to unexpected persistence of documents on the user's system.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.