Security audit

cui-skill

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only motivational nagging persona with broad trigger wording, but it does not request sensitive access, run code, or persist anything.

Install this only if you want an opt-in accountability persona that may use sharp, escalating language. Consider narrowing activation to explicit phrases like “催我一下” so ordinary conversation does not unexpectedly switch into this mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The skill description says it is triggered by broad conditions like '拖延或召唤', which lacks precise activation boundaries. In an agent system, vague triggers can cause unintended invocation during ordinary conversations, leading to persona hijacking, workflow disruption, or inappropriate responses when the user did not explicitly request this skill.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger table includes highly common phrases such as '等会儿', '明天再说', '不急', and '马上', which appear frequently in benign conversation. This makes accidental activation likely, allowing the skill to override normal assistant behavior and inject a coercive persona in unrelated contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.