Back to skill

Security audit

Eq Polisher

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese tone-polishing skill with no code execution, persistence, credential access, or hidden data handling.

Install this if you want Chinese-style tone softening for messages. Be aware it may over-soften firm boundaries or switch into its Chinese output format, so give explicit instructions when you need another language, a stricter tone, or legal/HR-sensitive wording preserved exactly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger conditions are broad and include loosely defined phrases like '类似指令' and general requests to soften tone, which can cause the skill to activate outside the user's precise intent. In an agent setting, ambiguous activation can misroute user requests, rewrite content unexpectedly, or interfere with higher-priority safety or task-specific behaviors.

Natural-Language Policy Violations

Medium
Confidence
77% confidence
Finding
The skill metadata and examples are entirely Chinese-language oriented without indicating language negotiation or preserving the user's current locale. This can lead to unwanted language switching, degraded usability, and incorrect output formatting when invoked in multilingual environments or by users expecting another language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.