Paul Graham 视角

Security checks across malware telemetry and agentic risk

Overview

This is a low-authority advisory skill that provides a Paul Graham-inspired perspective using bundled text references, with no executable behavior or sensitive access.

Install this if you want a Chinese-first PG-inspired advisory lens for startup, writing, product, or founder questions. Be aware it defaults to Chinese unless overridden, and verify any time-sensitive market or startup facts separately.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The skill explicitly sets Chinese as the default output language unless the user specifies otherwise. This can override or conflict with user expectations and upstream system defaults, creating a prompt-safety and usability issue where the assistant may respond in an unintended language. In this skill’s context, the risk is limited because it affects presentation rather than granting capabilities or causing code execution, but it is still a real policy-alignment problem.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal