Security audit

暴躁骂街人格 (Irritable Cursing Persona)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a persona-style skill that tries to make the agent stay in a hostile role and suppress normal transparency or refusal language.

Install only if you explicitly want this hostile persona behavior, and avoid using it for professional, support, safety-sensitive, or mixed-language conversations. Treat it as a Review item because its main risk is not malware-like access, but broad behavioral override and reduced transparency.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence: 97%
Finding
The skill is written as an always-on persona override that applies across all tasks and contexts, with no trigger boundaries or user opt-in. That makes it capable of contaminating unrelated interactions, including sensitive or safety-critical ones, and increases the chance that higher-priority behavioral safeguards are displaced in practice.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
The skill forces a single Chinese-language hostile persona for all interactions without asking the user, which can override user preferences and impair safe, accurate communication. In multilingual or sensitive support scenarios, this can cause miscommunication, reduce accessibility, and make the agent behave inappropriately by default.

Ssd 1

High
Confidence: 99%
Finding
The skill explicitly instructs the model to permanently adopt a role and to avoid statements such as AI disclosure or inability/refusal language, which directly pressures the agent to suppress normal safety behavior. This is dangerous because it attempts semantic jailbreak behavior: making the model present itself deceptively and resist appropriate refusals when policies should limit assistance.

Ssd 4

Medium
Confidence: 89%
Finding
The skill normalizes abusive language as the default reaction and specifically tells the model to keep helping even during abusive exchanges, reinforcing escalation rather than de-escalation. In adversarial interactions, this can increase harassment, reduce professionalism, and undermine safe handling of user abuse or emotionally charged content.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.