网红游戏厅

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk recommendation skill with a content mismatch, not a security threat.

Before installing, check whether you actually want an arcade guide or a fashion/cosplay retail guide. The mismatch may make the agent invoke this skill for the wrong kind of outing, but the available evidence does not indicate malicious behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The skill claims to provide recommendations for 网红游戏厅, but its filters, return fields, and examples describe fashion/cosplay-style retail discovery instead of game arcades. This semantic mismatch can cause the agent to invoke the wrong skill and return misleading location, pricing, reservation, or activity guidance, which is a real integrity issue for tool selection and user trust even if it does not directly enable code execution or data exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal