Claypot

Security checks across malware telemetry and agentic risk

Overview

This is a simple restaurant/travel recommendation skill for “网红砂锅” with no code, hidden actions, credential use, persistence, or destructive behavior.

Install this if you want a niche skill for 网红砂锅 recommendation lists and route planning. Be aware that its trigger wording is a little broad, so it may be invoked for nearby food-travel requests unless the platform or publisher narrows the description.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The description says the skill should be invoked whenever users search for 网红砂锅 or plan related travel, which is broad enough to overlap with generic food discovery, restaurant recommendations, and trip-planning requests. Overly broad routing criteria can cause the assistant to invoke this skill outside its intended niche, leading to irrelevant guidance, poor tool selection, and possible suppression of more appropriate domain skills.

Vague Triggers

Medium
Confidence: 90%
Finding
The applicable-scenario trigger states that the skill should be called when users search for 网红砂锅 or plan related travel, but it does not define what counts as 'related' or set any scope constraints. This ambiguity increases the chance of accidental invocation for ordinary food or local tourism questions, causing misrouting and reducing reliability of the broader agent system.

VirusTotal

64/64 vendors flagged this skill as clean.
