CP skill test 123456

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to publish to Xiaohongshu, but its trigger scope and publish flow make accidental public posting too easy.

Review before installing. Use this only if you are comfortable letting an agent operate a logged-in Xiaohongshu publishing session, and require a manual review plus an explicit final confirmation before anything is posted publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrases include broad everyday expressions such as “写一篇小红书”, which can match normal content-generation requests rather than an explicit request to publish. In a skill that performs real posting actions, ambiguous invocation increases the risk of accidental activation and unintended publication to a live account.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill performs a real-world side effect—posting content publicly—but the instructions do not require an explicit user warning, review, or final confirmation immediately before clicking “发布”. This makes accidental or unauthorized publication more likely, especially when combined with broad triggers and browser automation.

VirusTotal

66/66 vendors flagged this skill as clean.
