室内设计自动预算生成器

Security checks across malware telemetry and agentic risk

Overview

This is a local DXF-to-Excel interior design budgeting tool with no evidence of hidden network activity, credential use, or destructive behavior.

Install only if you need local interior-design budget drafts from DXF files. Use a virtual environment, review the local pricing JSON path before running, keep client/project data local, and manually verify quantities, rates, totals, and omissions before sharing any generated workbook.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrase "生成预算" is very broad and can match many unrelated budgeting requests beyond this DXF-based interior design workflow. Overly generic activation conditions increase the chance the skill is invoked in the wrong context, causing unintended handling of user requests, confusion, or incorrect file-processing behavior.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: Phrases like "室内设计预算" and "家装预算" describe a topic area rather than a precise invocation condition, so they may match informational or advisory conversations instead of requests to run this specific automation. This can lead to accidental routing to the skill when the user did not intend DXF parsing or spreadsheet generation.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal