Deepseek Reasonix

Security checks across malware telemetry and agentic risk

Overview

This skill appears low-risk, though its trigger wording is broader than ideal and could activate during unrelated Claude discussions.

Before installing, be aware that ordinary mentions of Claude could invoke this skill unexpectedly. Prefer using it only by its specific name, and review the small Python helper if you do not want it writing a temporary cache.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger phrase includes the single common term "Claude", which is far too broad for safe skill activation. This can cause the skill to activate during unrelated user requests about Claude products or models, leading to unintended instruction injection, context hijacking, or execution of the wrong workflow.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The condition "用户需要...相关帮助" is ambiguous and insufficiently constrained, allowing the skill to match loosely inferred intent instead of explicit user consent. In an agent environment, this increases the chance of accidental activation and unintended application of the skill's instructions to unrelated tasks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal