超能文献-AI文档翻译

Security checks across malware telemetry and agentic risk

Overview

This is a normal Suppr document-translation helper, but users should understand that submitted documents or URLs go to Suppr’s external service.

Install only if you are comfortable using Suppr for document translation. Do not submit confidential, regulated, or proprietary files unless you have approval to share them with Suppr and have reviewed the provider’s retention, logging, and deletion practices.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs users to submit files or document URLs to a third-party API but does not clearly warn that document contents, metadata, and referenced URLs will leave the local environment and be processed by an external service. This creates a real privacy and data-governance risk, especially for sensitive, proprietary, or regulated documents, because users may invoke the skill without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal