Universal Expert

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only analysis skill that asks the agent to research and cite sources before answering, with no code, persistence, or hidden access requests.

Install only if you are comfortable with the skill performing web research before deeper analyses. Be cautious when using any logged-in browser or sensitive-data access; the skill says those cases should require clear explanation and confirmation. Non-Chinese users may want language behavior clarified before relying on it for important decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 91% confidence
Finding: The skill metadata and trigger/instruction content are written entirely in Chinese and are explicitly oriented around Chinese-language invocations, with no indication that language selection follows the user's preference. This can cause the agent to respond in an unexpected language, degrade user comprehension, and create safety/usability issues when important warnings or decision-support content are not delivered in the user's preferred language.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal