Avengers Assemble CN

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese Avengers-themed multi-agent coordinator with disclosed sub-agent delegation and no hidden code or install-time execution.

Install only if you want a Chinese-language, themed coordinator that spawns sub-agents to do work. For sensitive repositories or production-impacting tasks, give narrow scope, avoid sharing secrets, and ask for approval checkpoints before edits or parallel work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 97% confidence
Finding: The skill is explicitly framed as a Chinese-only experience ('中文版', '中文特供版') and provides no mechanism to detect or honor the user's preferred language. This can cause unsafe or unreliable operation when users interact in other languages, increasing the risk of misunderstanding task requirements, especially in multi-agent coordination contexts where errors can propagate across delegated sessions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal