Back to skill

Security audit

Nonsense Literature Crafter

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese text-style rewriting skill with no code execution, data access, persistence, or hidden authority.

Install this if you want a Chinese humor-writing helper that rewrites text into '废话文学' style. Be aware that its trigger phrasing is broad, so it may activate whenever a Chinese sentence appears to be intended for this style conversion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger text says the skill activates when the user sends '任意一句想被转换的文本' and when the user intends to convert a sentence into this style, which is a very broad condition. Although a few example phrases are given, the wording also includes '等类似指令' and lacks clear boundaries or negative examples, increasing the risk of unintended invocation from normal chat.

Natural-Language Policy Violations

Low
Confidence
87% confidence
Finding
The description explicitly targets converting '任意普通话语' and presents the skill as operating in Mandarin without mentioning any user choice of language or locale. This can be a language-policy issue because it imposes a specific language mode rather than offering opt-in or clarifying that the skill is Mandarin-specific by user selection.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.