Implementation Plan Generation (实现计划生成)

Security checks across malware telemetry and agentic risk

Overview

This is a simple planning-template skill with no hidden execution, credential use, persistence, or network behavior.

Install this if you want a Chinese-oriented implementation-plan template. Be aware that generic words like "plan" or "方案" may invoke it more often than intended, and you may need to explicitly request another language if you do not want Chinese output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium, 93% confidence

Finding:
The activation keywords are extremely broad (e.g. '计划', '规划', 'plan', '方案') and are likely to match ordinary user conversation, causing accidental invocation of the skill outside the user's intent. In an agent environment, this can override normal routing and make the system produce structured planning behavior when the user did not explicitly request this skill.

Natural-Language Policy Violations

Medium, 84% confidence

Finding:
The metadata and skill content strongly bias or force Chinese-language behavior without any indication of honoring the user's current language preference. This can degrade reliability and user control, and in multi-skill systems may cause unexpected language switching that interferes with downstream tasks or policy-compliant responses.

VirusTotal

66/66 vendors flagged this skill as clean.