Back to skill

Security audit

AI钢琴老师

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed piano-teaching helper made of static Markdown guidance, with no executable code or hidden data access found.

Safe to install for piano-learning help. Be aware it may activate on broad Chinese music terms like “乐理”, “视奏”, or “练耳”; share only the learning details you are comfortable using for personalization, and review any generated HTML or Tencent Docs report before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes broad educational terms related to piano and music study, which can cause the skill to activate for generic conversations that were not intended to invoke this specific agent. This increases the chance of misrouting user queries, unexpected skill execution, and user confusion, especially in environments where multiple skills may compete for similar topics.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The catch-all '综合咨询' branch routes unclear or non-specific inputs into the skill, which can make invocation behavior overly permissive. In a multi-skill system, ambiguous routing can cause this skill to handle requests outside its intended scope, reducing predictability and potentially exposing users to unwanted data collection questions or irrelevant guidance.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
88% confidence
Finding
The trigger '乐理' is a very short, generic music-theory term that may appear in many unrelated educational or conversational contexts. Short broad triggers raise the likelihood of accidental invocation, especially when other music or education skills are present.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
88% confidence
Finding
The trigger '视奏' is broad and can match generic sight-reading discussions beyond this skill's specific scope. This can lead to unintended activation and lower routing precision rather than a direct compromise, but it still creates avoidable operational risk.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
88% confidence
Finding
The trigger '练耳' is a generic ear-training term that may overlap with broader music education requests not intended for this piano-focused skill. Such short triggers can increase false activations and reduce user control over which skill is engaged.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.