Naruto Multi-Agent CN

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only multi-agent dispatcher, but it needs review because it automatically forwards real work and context into reused persistent sub-agent sessions without clear reset or data-boundary controls.

Install only if you intentionally want a Chinese Naruto-themed persistent multi-agent workflow. Avoid using it for secrets, credentials, unrelated private projects, or sensitive documents unless you can control what context is forwarded and can clear or isolate the spawned sessions afterward.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The skill hard-codes a Chinese-only Naruto/Tsunade persona and strongly instructs the agent to speak in that style, without checking or preserving the user's preferred language. This can degrade usability, cause misunderstanding of task details, and make safety-critical or technical interactions less reliable when the user expects another language.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal