紫苏叶选股法 Perilla Leaf Screener

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed investment-research workflow skill with financial-risk caveats and no code, persistence, credentials, or hidden actions.

Install only if you want an agent to help generate investment research leads. Treat outputs as starting points, not investment advice, and confirm any suggested company, supply relationship, valuation, or risk using primary filings and current market data. For ambiguous finance or supply-chain questions, ask the agent to confirm before invoking this skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list contains several broad, generic phrases such as “Serenity”, “挖标的”, and supply-chain/investing terms that could match ordinary user requests and invoke the skill unintentionally. In this context, unintended activation is risky because the skill produces investment-oriented research workflows with mandatory web lookup and strong methodological framing, which could steer unrelated conversations into financial analysis the user did not explicitly request.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal