Daily Notes Deep Dive (每日笔记深度解读)

Security checks across malware telemetry and agentic risk

Overview

This notes skill is coherent, but it requires broad historical-note reading and full-text model analysis without clear opt-in or limits.

Install only if you are comfortable with the agent reading today's notes and searching older notes in the configured folder. Set NOTES_DIR to a narrow notes-only directory, exclude sensitive journals or private archives, and ask the agent to confirm before historical analysis or to use snippets instead of full note text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium, 95% confidence

Finding: The skill explicitly instructs searching across all historical notes and performing cross-note analysis without requiring explicit user consent, preview of scope, or minimization. In a notes skill, historical notes are likely to contain sensitive personal data, so broad collection and model exposure materially increases privacy risk beyond the user's immediate request to summarize today's notes.

Ssd 3

Medium, 97% confidence

Finding: The skill directs the agent to search all historical notes and provide the full text of both today's notes and matched historical notes to the model for relevance ranking. This is a clear over-collection pattern that can expose large volumes of private user content to the model without necessity or explicit informed consent, especially since only top related notes are ultimately needed.

VirusTotal

64/64 vendors flagged this skill as clean.
