Security audit

IceCube ZSXQ Community

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language paid-community operations guide with somewhat broad trigger wording, but it does not install code, request credentials, or perform actions itself.

Install this if you specifically want Chinese-market 知识星球/zsxq or paid-community operations guidance. Review any separate browser/API tools before giving them login sessions, posting authority, or payment-related access, because this skill itself only gives guidance but points to workflows that could involve real accounts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger description uses broad keywords such as '知识星球', '会员制', and '付费社区', which can cause the skill to activate in many unrelated conversations. Over-broad invocation increases the chance of inappropriate routing, unwanted commercialization behavior, or the agent steering users into this monetization workflow when they did not intend to use it.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.