skill-to-cn

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Chinese-localization helper, but its script can delete an existing output directory without confirmation, including a custom path outside the skills folder.

Install only if you are comfortable with a local file-management script. Use trusted source skills, avoid custom --output paths unless you have checked them carefully, back up any existing '-cn' target directory first, and review the generated SKILL.md and scripts before enabling the translated skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 99% confidence
Finding: If the target path already exists, the script unconditionally deletes it with shutil.rmtree after only printing a warning. Because the output path can be user-supplied via --output, a mistake or path confusion can cause irreversible data loss outside the intended skill directory.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal