产业-未来产业布局建议

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language planning assistant that uses public research to draft regional industry recommendations, with no executable code or hidden data access found.

Install only if you are comfortable using a Chinese-language skill that performs web-based public-sector and industry research. Review cited sources, assumptions, and recommendations before using outputs for government planning,招商引资, funding, or policy decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 92% confidence
Finding: The skill is written and operationalized as Chinese-only, with Chinese triggers, parameters, and output requirements, but it does not disclose a justified locale restriction or offer any user language choice. This can exclude users, cause mismatches with caller expectations, and create downstream reliability and accessibility issues in multilingual environments, even though it is not a classic security exploit.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal