China Scenic Spots Top100

Security checks across malware telemetry and agentic risk

Overview

This is a static China scenic-spots travel reference skill with broad triggers but no system access, credential use, code execution, or hidden behavior.

Safe to install as a content-only travel guide. Treat ticket prices, reservation rules, opening status, and transport suggestions as reference information and verify current details with official or up-to-date travel sources before booking or traveling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list contains very broad, common phrases like '去哪玩', '旅游攻略', and '中国旅行', which can cause the skill to activate in many ordinary travel-related conversations even when the user did not specifically intend to invoke this skill. Over-broad invocation increases the chance of irrelevant routing, response hijacking of general queries, and unintended exposure of stale or low-confidence travel guidance.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal