Hallucination Detector (幻觉检测器)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned Chinese code review and hallucination-checking skill with usability caveats but no evidence of malicious behavior.

Reasonable to install if you want Chinese-language help checking code or AI-generated outputs. Confirm it is the intended skill before broad code-review requests, and do not treat its findings as a substitute for tests, documentation checks, or human review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 93%
Finding
The activation phrases "检测幻觉 / 验证代码 / 代码审查" ("detect hallucinations / verify code / code review") are broad, generic requests that can easily overlap with normal user intent rather than uniquely invoking this specific skill. In an agent platform, this can cause unintended routing or automatic activation, which may interfere with user autonomy and lead to the wrong skill being applied in security- or quality-sensitive workflows.

Natural-Language Policy Violations

Medium
Confidence: 82%
Finding
The skill metadata and content are effectively Chinese-only, with no user language choice or documented reason for restricting locale. This is not a classic exploit vector, but it is a real trust and usability weakness because users may misunderstand outputs, instructions, or findings, increasing the chance of incorrect security or code-review decisions.

VirusTotal

65/65 vendors flagged this skill as clean.
