Qq

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only helper for summarizing public QQ pages and does not request login, private data, local files, or elevated access.

Install only if you want a public QQ page summarization helper. Use it with public share, app, announcement, or invite links, and do not provide QQ credentials, cookies, private messages, account pages, or non-public group content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is broad enough to match a wide range of QQ-related requests, which can cause over-invocation and route user tasks to this skill even when the request falls outside its intended safe scope. In an agent system, this increases the chance of processing ambiguous QQ workflows, including requests that may drift toward account actions, private content access, or other unsupported automation despite later disclaimers.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal