Deepseek Reasonix F074f8

Security checks across malware telemetry and agentic risk

Overview

This is a simple tutorial-style skill with broad activation keywords but no code, credential use, persistence, or high-impact actions.

Install this if you want a lightweight DeepSeek-Reasonix tutorial helper. Be aware it may be selected for generic DeepSeek mentions; narrowing or disabling the trigger would reduce accidental activation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger field includes very broad terms such as "DeepSeek" and "Reasonix", which can match many unrelated user requests and cause the skill to activate unexpectedly. In an agent environment, unintended activation can route conversations into irrelevant or lower-quality behavior and, if the skill later gains privileged actions, widen the attack surface for prompt or workflow hijacking.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The documented trigger scenarios include vague conditions like users needing "deepseek-reasonix related help" and also repeat generic terms, leaving no clear boundary for when the skill should run. This ambiguity increases accidental invocation risk and can make the agent select this skill in contexts where it is not appropriate.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal