KOL

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple KOL collaboration checklist and SOP guide that does not run code or request account, file, credential, or network access.

Safe to install as a general KOL collaboration operations reference. Users should still apply normal judgment for real campaigns, especially around personal information, platform rules, local legal requirements, and whether the broad trigger fits the task they are asking the agent to perform.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The description '在开展KOL合作管理相关工作时调用' is broad and can cause the skill to activate across many routine collaboration or marketing contexts, increasing unnecessary exposure of the skill's instructions and outputs. While the content itself is benign and does not contain dangerous actions, overbroad triggering can lead to misapplication, user confusion, and expansion of the skill's operational surface.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal