横纵分析法 (Horizontal-Vertical Analysis Method)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed research-report framework that may save Word reports to the Desktop, with no executable code or hidden data access found.

Install this if you want a structured Chinese-language framework for research reports. Before running it, tell the agent where to save any Word document, require confirmation before writing to Desktop, and ask it to avoid overwriting existing files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to always write a .docx file to ~/Desktop/ on the user's system without explicit user consent, confirmation, or safety notice. Forced local file creation is a real security/privacy concern because it causes side effects on the host environment and may overwrite files, leak sensitive content into a visible location, or normalize unauthorized filesystem writes.

VirusTotal

66/66 vendors flagged this skill as clean.
