研究生学习与科研计划制定助手

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese-language graduate study and research planning helper with no code execution, credentials, network access, or persistence.

This skill appears safe to install for Chinese-language graduate study planning. Users should be comfortable receiving Chinese output and should avoid sharing unnecessary private academic, personal, or institutional details when asking for plans.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 96% confidence
Finding: The skill description is entirely in Chinese and does not indicate the supported language or require user opt-in, which can cause users or downstream systems to misunderstand the skill's behavior, scope, and outputs. While this is not an exploit-enabling issue by itself, it is a genuine security/usability concern because language opacity can reduce effective review, hide unsafe instructions from non-Chinese reviewers, and increase the chance of accidental misuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal