Bilibili

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Bilibili content-planning skill with no evidence of code execution, data access, credentials, persistence, or hidden behavior.

This appears safe to install as a Bilibili content strategy aid. Be aware it may activate on some broad engagement terms, so ambiguous requests should be clarified before applying Bilibili-specific advice. Its guidance should not replace copyright review, platform policy checks, or community moderation judgment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list includes short, generic phrases such as '共鸣点', '梗点', and '槽点' that can match many unrelated user requests, causing the skill to activate outside its intended Bilibili-specific context. This is not a code-execution issue, but it can create unsafe routing behavior where users receive platform-specific persuasion or engagement advice in contexts where the skill is not appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal