Library Book Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it stores a local book list, checks Shenzhen Library availability, and can optionally notify the user.

Install only if you are comfortable storing monitored book titles, authors, ISBNs, and availability status locally. If enabling email, use an app-specific SMTP credential, review recipients, protect config.yaml, and stop the scheduler when you no longer need background checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README documents scheduled monitoring and email notifications, including SMTP configuration, but does not warn users about privacy and operational risks such as repeated outbound requests to third-party library services, storage/handling of email credentials, and disclosure of reading interests through notifications. In a skill with network, filesystem, and shell permissions, this omission can lead users to deploy the tool without understanding that it may persist sensitive configuration and transmit data externally on a schedule.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrase `library` is extremely broad and can activate during ordinary conversations unrelated to monitoring books. Because this skill has network, filesystem, and shell permissions, accidental invocation could lead to unintended command execution, local file changes, or background monitoring actions without sufficiently clear user intent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes operations that can execute shell commands, modify local state, and start a scheduler, but it does not prominently warn users that these actions may have system effects or persist in the background. In context, this increases the chance that a user triggers monitoring or file changes without understanding that the skill may create or update data and continue running periodic checks.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrase "library" is overly generic and can cause the skill to activate for many unrelated requests about libraries, research, coding libraries, or general book questions. Because this skill has network, filesystem, and shell permissions, accidental activation increases the chance of unnecessary privileged actions being taken in contexts the user did not intend.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger set broadly covers terms like "library", "book monitor", "book availability", and related Chinese phrases without clearly distinguishing this skill from ordinary book or library queries. In a skill with network, filesystem, and shell access, ambiguous routing can lead to overbroad invocation, unintended external requests, or shell/file operations triggered by normal conversation rather than explicit user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase "library" is extremely broad and can match many unrelated user requests, causing the skill to activate outside its intended context. Because this skill has network, filesystem, and shell permissions, unintended invocation increases the chance of unnecessary privileged execution and misuse through prompt-routing or context confusion.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The Chinese trigger "图书馆" is similarly overbroad and can appear in ordinary discussion about libraries without any intent to run a monitoring skill. In this skill's context, broad activation is more concerning because the skill is granted network, filesystem, and shell access, so accidental routing expands the attack surface.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger "借书" is a generic borrowing-related term that can overlap with normal conversation, advice requests, or unrelated library discussions. This makes accidental invocation plausible, and the permission set makes such misrouting more dangerous than in a low-privilege skill.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
90% confidence
Finding
The trigger `借书` is very short and common in normal Chinese-language discussion about borrowing books, making unintended activation plausible. While the phrase itself is not dangerous, the skill's available permissions and ability to start monitoring or modify stored book data make accidental activation more consequential than in a read-only skill.

VirusTotal

66/66 vendors flagged this skill as clean.
