AI短信发送工具
Security checks across malware telemetry and agentic risk
Overview
This skill appears to do what it says, but it can send real paid SMS messages, including bulk sends, and its credential handling needs careful review before installation.
Install only if you intentionally need Chuanglan SMS sending. Use a dedicated low-quota SMS account, keep IP whitelisting enabled, avoid untrusted .env files, do not set CHANGLAN_API_URL unless you trust the endpoint, and require human confirmation before bulk or customer-facing sends.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.