Super Search Dee798

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk, markdown-only skill that provides search-related learning notes, with only a minor risk of being triggered too broadly.

This skill appears safe to install if you want lightweight search-related guidance. Be aware that its generic Chinese trigger phrase may activate in unrelated conversations, so users may prefer narrowing or renaming the trigger for cleaner routing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger string includes very generic phrases such as '冷知识' and a broad composite trigger, which can cause the skill to activate in unrelated conversations. Unintended invocation can lead to incorrect routing, confusing behavior, or accidental execution of this skill when the user did not intend to use it.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger scenarios are broad and ambiguous, especially conditions like the user saying '冷知识' or needing vaguely 'super-search related help'. This weak scoping increases the chance of accidental activation and misclassification of user intent, which can degrade security boundaries between skills and produce unintended responses.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal