口播脚本打磨

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk Chinese spoken-script polishing skill with no code execution, credential use, or hidden access requests.

This appears safe to install for Chinese spoken-script polishing. Review rewritten scripts for factual accuracy and intended tone before publishing, and avoid submitting confidential drafts unless you are comfortable with your agent processing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 89% confidence
Finding: The skill’s operational instructions are primarily in Chinese without an explicit language-choice mechanism or opt-in, which can cause users or downstream agents to misunderstand the skill’s purpose, constraints, or safe usage requirements. While this is not an exploit primitive by itself, language opacity can increase the chance of misuse, incorrect execution, or failure to notice important limitations in multilingual environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal