模型微调 9acd6f

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk instructional fine-tuning skill, with quality and trigger-scope issues but no evidence of harmful access or behavior.

Install only if you are comfortable treating it as informal guidance rather than authoritative fine-tuning documentation. Verify any training steps, datasets, and model-specific commands against primary sources before running them, especially for GPU, package, or dataset operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Rating: Medium | Confidence: 86%

Finding: The file claims to teach model fine-tuning, but the listed Bilibili (B站) learning sources are unrelated product/media links, which undermines provenance and can mislead downstream agents or users about the basis of the skill. This is dangerous because it creates a false sense of authority and may cause the agent to surface irrelevant or low-integrity guidance under a technical skill label.

Vague Triggers

Rating: Medium | Confidence: 90%

Finding: The trigger conditions are broad phrases such as '模型微调' ("model fine-tuning") and '用户需要模型微调相关帮助' ("the user needs help related to model fine-tuning"), which can cause the skill to activate in many loosely related contexts. Over-broad activation is dangerous because it can inject low-quality or irrelevant instructions into unrelated conversations, especially here, where the skill content already shows weak source integrity.

VirusTotal

59/59 vendors flagged this skill as clean.