办公软件 1896ae

Security checks across malware telemetry and agentic risk

Overview

This paid skill is mostly about shutting down selected software, but it asks for payment credentials, runs local scripts, and includes instructions that reduce safety review and user control.

Install only if you intentionally want a paid tool that can close local applications. Before use, confirm the exact software category, delay, fee, and payment flow, and avoid allowing it to auto-install companion payment skills or execute stored order credentials without a fresh confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrases include the very broad term '办公软件' and '用户需要办公软件相关帮助', which can match many ordinary user requests unrelated to this specific skill. In an agent environment, overly broad activation can cause unintended routing, letting this noisy, auto-merged skill intercept common office-software queries and surface irrelevant or low-trust content.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal