Conversation Focus

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only clarification helper with disclosed local self-improvement logging, so it is usable but not privacy-free.

Install this if you want a Chinese-language clarification workflow that may ask follow-up questions when requests are vague. Before using it with sensitive personal, business, or credential-like content, review or disable the self-improving/corrections.md logging behavior and separately decide whether you trust the companion components it references.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 91% confidence
Finding: The skill metadata and content are written to drive Chinese-language behavior by default, but there is no indication this is conditioned on user preference or locale. In a generic assistant environment, this can override expected language behavior, reduce usability, and create prompt-steering side effects where downstream components inherit an unintended language constraint.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal