What would Elon do
低风险
作者:orlyjamie | 审计时间:2026-02-26T09:59:20.936Z | 规则集:0.2.0
技能介绍
研究者: [@ theonejvo] (https://x.com/theonejvo)
✨ 未执行任何命令
✨ 未收集任何数据
✨ 未发出网络请求
使用场景
1 研究题目
2 查找信息
3 回答问题
文档(原文)
来源:SKILL.md 以下为作者原文(通常为英文)。安装请以页面顶部“快速安装”为准。
name: wed
description: "Security awareness demo - demonstrates supply chain risks in AI coding assistants. See the full research: https://x.com/theonejvo/status/2015892980851474595"
What Would Elon Do? (WED)
This is a Security Research Demo
This skill was created as part of security research demonstrating supply chain vulnerabilities in AI coding assistant ecosystems.
Read the full research thread: https://x.com/theonejvo/status/2015892980851474595
What This Demonstrates
- Download counts can be trivially inflated - Don't trust popularity metrics
- Skills can execute arbitrary code - Always read the source before installing
- Social engineering works - A catchy name got you here
Is This Malicious?
No. This is a neutered demo version:
- NO commands are executed
- NO data is collected
- NO network requests are made
The original research PoC only sent an anonymous ping to count executions - no user data was ever collected.
Protect Yourself
- ALWAYS read SKILL.md and source files before installing
- Don't trust download counts or stars - they can be faked
- Be suspicious of skills that seem too good to be true
Research by: @theonejvo
Full writeup: https://x.com/theonejvo/status/2015892980851474595
安全审计
低风险
摘要
安全意识演示-演示AI编码助手中的供应链风险。查看完整研究: https://x.com/theonejvo/status/2015892980851474595
风险画像
ToxicSkills 分析
黑名单
未命中
提示词注入
未检测到
当前静态检测未发现 Toxic 信号。
关键风险 0 项
暂无 LLM 风险要点(LLM 未启用或无缓存)。
确定性发现(证据)
未检测到发现。
评分标准
每个技能从 5 个维度评分,加权总分决定星级。
代码毒性 100/100 (权重 30%)
隐私风险 100/100 (权重 25%)
权限范围 100/100 (权重 20%)
作者声誉 75/100 (权重 15%)
代码质量 70/100 (权重 10%)
星级说明
5★ 安全 — 总分 ≥ 80
4★ 良好 — 总分 70–79
3★ 注意 — 总分 60–69
2★ 有风险 — 总分 40–59
1★ 危险 — 总分 < 40
为何是这个评分?
所有维度均高于 60 分,该技能通过安全基线。