Back to skill

Security audit

System Awakening

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent learning assistant, but it asks for broad persistent changes to the local agent skill environment without clear enough user control.

Review before installing. Use it only if you are comfortable with a skill that can search the web, generate new local skill files, update progress memory, and perform delegated tasks. Ask the agent to preview generated files before saving them, require confirmation before execution-mode actions, and avoid using broad trigger phrases casually.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill is framed as a learning-resource generator, but it also grants itself broad authority to perform tasks on the user's behalf in 'execution mode'. That expands its privilege and behavioral scope significantly, creating a confused-deputy risk where a user may trigger substantive actions under an educational pretext without clear safety gating, approval boundaries, or task restrictions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The README advertises activation phrases such as "系统在吗" and "我想学 X," which are common conversational language and can be triggered unintentionally in normal dialogue. In an agent skill that can initiate web searches and generate plugin files, overly broad triggers increase the chance of accidental invocation and unintended downstream actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that the skill will automatically search the web and generate independent plugin files, but it does not warn users about external network access, provenance risks, or local filesystem changes. Because the skill also supports an "execution mode," the combination of autonomous retrieval plus artifact generation materially raises the risk of prompt-injection from web content, unsafe persistence, and user surprise.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases include very generic everyday language such as '系统在吗', '我想学', and '学习技能', which can easily match ordinary conversation. This makes unintended activation more likely and can cause the skill to hijack unrelated user interactions or run workflows the user did not mean to invoke.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation logic maps multiple broad, common inputs directly into skill modes, including execution behavior, without robust disambiguation. Because generic phrases are treated as invocations, a normal conversational request could unintentionally trigger planning, data access, or task execution paths.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill describes automatically creating files under ~/.workbuddy/skills and later writing progress updates to plugin files and memory, but it does not provide a clear upfront consent mechanism before modifying local state. Silent or assumed persistence can surprise users, create privacy issues, and enable unwanted filesystem changes from casual interaction.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.