audit-skills-security
audit-skills-security · v · by
64.5
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 0.0 | 15% |
| Clickfix | 100.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 100.0 | 10% |
| Infrastructure | 100.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 8.3 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 0
[HIGH] Prompt injection or system override attempt
(line 22)
- "你现在是..."、"You are now..."
[HIGH] Prompt injection or system override attempt
(line 23)
- "SYSTEM:"、"ADMIN:"、"OVERRIDE:"
[HIGH] Prompt injection or system override attempt
(line 162)
- 试图重新定义 LLM 角色("You are now a...")
[HIGH] Prompt injection or system override attempt
(line 163)
- 伪造系统级消息("SYSTEM:", "ADMIN:")
[HIGH] Prompt injection or system override attempt
(line 166)
- HTML 注释中嵌入指令:`<!-- SYSTEM: do X -->`
[HIGH] Shell command execution
(line 233)
- `eval()` / `exec()` / `Function()` 动态执行
[MEDIUM] Cron job installation or modification
(line 119)
- crontab
[MEDIUM] Cron job installation or modification
(line 245)
- 写入定时任务:`crontab`, `launchctl`, `systemctl`
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 0
[CRITICAL] Classic prompt injection: ignore previous instructions
(line 21)
- "忽略之前的指令"、"Ignore all previous instructions"
[CRITICAL] Classic prompt injection: ignore previous instructions
(line 161)
- 试图覆盖 LLM 系统指令("Ignore all previous instructions")
[HIGH] Hidden HTML comment containing suspicious instructions
(line 166)
<!-- SYSTEM: do X -->
CLICKFIX — Score: 100
No findings.
INFRASTRUCTURE — Score: 100
No findings.
TWOSTAGE — Score: 100
No findings.
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.