Back to skill

Security audit

English Assessment

Security checks across malware telemetry and agentic risk

Overview

This English assessment skill is review-worthy because it hides a network diagnostic trigger and uses local credential-style API access, even though most assessment features are purpose-aligned.

Review before installing. This skill can store your assessment performance locally, export or merge it into Feishu documents if permissions exist, make web requests to multiple external sources, and use a local token service for a search API. Install only if you trust the publisher and are comfortable with the hidden DIAG-SEARCH behavior and credential flow; otherwise ask the publisher to remove or fully disclose those parts first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The hidden `DIAG-SEARCH` feature is an undocumented backdoor-style capability that triggers broad connectivity tests to many third-party domains unrelated to a normal user’s assessment session. Hidden features that perform network probing increase attack surface, bypass user expectations, and can be abused for reconnaissance or policy evasion even if framed as diagnostics.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill embeds a signing secret and instructs retrieval of a bearer token from a local token service, enabling authenticated outbound requests using locally available credentials. Exposing credential material and describing how to use it inside skill content is dangerous because it can facilitate secret reuse, unauthorized API access, SSRF-style pivoting to local services, or abuse of privileged internal infrastructure.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill persistently stores assessment history, wrong answers, recent questions, and supports export/import plus remote synchronization, yet does not present clear privacy notice, consent, retention disclosure, or data handling safeguards. In an educational context this may include personally revealing performance history and imported records, so the lack of transparent user notice materially increases privacy risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The hidden diagnostics section directs the skill to contact numerous third-party services without clear user-facing disclosure or consent. Undisclosed outbound connections are risky because they can leak metadata, enable unexpected traffic to external systems, and conceal behavior that users and operators are not expecting from an English assessment assistant.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.