haojiyou

Security checks across malware telemetry and agentic risk

Overview

This is a self-contained Chinese personality quiz skill with broad triggers but no executable code, credential access, network behavior, or persistence.

Install this if you want a Chinese-first, long-form novelty personality quiz. Be aware it uses crude humor, fixed Chinese output, and broad personality-test triggers, so it may be more intrusive in casual chats than a narrowly invoked skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill advertises activation on broad phrases like '人格测试', '来个性格测试', and '整点沙雕测试', which can overlap with ordinary conversation and cause unintended invocation. This is dangerous because an over-triggering skill can hijack user intent, steer the interaction away from the requested task, and make the agent follow the skill's rigid workflow when the user did not clearly ask for it.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The result template mandates Chinese-only output and does not provide any branch for honoring the user's language preference. This can override user intent and reduce transparency or accessibility, especially for users who requested another language or rely on the system to preserve their chosen communication language.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal