结构化头脑风暴

Security checks across malware telemetry and agentic risk

Overview

This is a simple brainstorming helper with no executable install payload or hidden access, though one activation phrase is overly broad.

Safe to install for structured ideation. Consider editing or ignoring the generic “想一下” trigger if accidental activation would be annoying, and check your agent’s normal note or memory settings if you do not want brainstorming outputs saved.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The activation phrase "想一下" is extremely generic and likely to appear in normal user conversation, which can cause unintentional skill invocation. In an agent environment, overly broad triggers can hijack unrelated requests, alter system behavior unexpectedly, and cause unintended data handling such as automatic note creation or knowledge-base archiving.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal