translator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent translation skill with broad activation triggers but no evidence of hidden behavior, code execution, credential use, persistence, or data exfiltration.

Reasonable to install for translation help. Be aware it may activate on common translation-related wording, and review outputs carefully for legal, medical, financial, or other high-stakes translations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 94% confidence
Finding: The trigger '翻译' is extremely broad and likely to match many ordinary user requests that merely mention translation, causing this skill to activate unintentionally. While this is not a code-execution or data-exfiltration issue by itself, overly broad activation can hijack routing, interfere with more appropriate skills, and increase the chance that users disclose content to the wrong skill context.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal