Back to skill

Security audit

Master Cloner

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Chinese workflow for turning thinkers' ideas into AI skill templates, with no hidden execution, persistence, credential use, or data exfiltration behavior.

Safe to install for Chinese-language knowledge-engineering work. Before using it to generate decision-advisor skills, add explicit high-stakes-domain exclusions and make clear when advice is philosophical framing rather than professional guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The file is entirely written in Chinese and does not provide any language-selection or localization guidance, which can exclude or mislead users and downstream agents that expect other locales. In a skill that is meant to structure knowledge engineering workflows, forced single-language content can cause incorrect interpretation, failed execution, or unsafe omission of key constraints when users cannot fully understand the instructions.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger for 子Skill 1 is defined at a very high level ('用户想了解大师的某个概念/观点'), which can overlap with many ordinary educational or conversational requests. In an agent-routing context, overly broad activation criteria can cause unintended invocation of this skill, leading to misrouting, confusing responses, or the inappropriate application of philosopher-specific guidance where a general-purpose answer would be safer.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The decision-advisor subskill is triggered when a user faces a '具体选择/困境需要建议', but this boundary is too vague for a decision-making agent. Broad decision-oriented triggers are risky because they may activate on sensitive personal, legal, medical, financial, or safety-critical dilemmas without requiring domain checks, consent, or escalation rules, increasing the chance of unsafe or overconfident guidance.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.