China Holiday

Security checks across malware telemetry and agentic risk

Overview

This skill is a small China holiday lookup tool that clearly relies on timor.tech and does not seek credentials, persistence, or broad system access.

Install this only if you are comfortable with China holiday/date lookup requests being sent to timor.tech. It does not need credentials or local data access, but accuracy and availability depend on that external service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 95% confidence
Finding: The script sends user-supplied date queries to a third-party API service (timor.tech) but does not disclose that those inputs are transmitted off-device. While the data involved is low sensitivity in this skill’s context, the lack of notice can create a privacy and transparency issue, especially if users assume the calculation is local.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal