Back to skill

Security audit

Saas Founder Content Writer

Security checks across malware telemetry and agentic risk

Overview

The skill appears to have a disclosed, purpose-aligned language default and no evidence of malware, exfiltration, persistence, or unsafe account access.

Install if you want platform-specific content-writing help. Before using it, be explicit about the desired output language and audience, especially for Xiaohongshu content, and review generated text before publishing or reusing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
85% confidence
Finding
The changelog states Xiaohongshu support includes 'Chinese-by-default behavior,' which can cause the skill to generate output in Chinese without explicit user consent. In a content-writing skill, this is a policy and safety issue because it may override user intent, produce unusable or misleading output for the target audience, and silently change the communication context rather than following explicit instructions.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.