LiveScript Protocol

Security checks across malware telemetry and agentic risk

Overview

This is a text-only livestream sales-script guide with no system access, but users should verify any marketing numbers it suggests.

Install only if you want help drafting livestream sales scripts. Before using outputs publicly, ensure viewer counts, sales numbers, rankings, certificates, scarcity claims, and product claims are truthful, current, and allowed by the platform and applicable advertising rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The skill promotes aggressive social-proof tactics such as citing viewer counts, sales, comments, rankings, and '秀数字' while only later stating that fabricated data is prohibited. In practice, this creates a contradictory instruction set that can normalize unverifiable or inflated claims, exposing users to deceptive marketing behavior, compliance violations, and platform/account penalties.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal