择日学技能

Security checks across malware telemetry and agentic risk

Overview

This is a local auspicious-date helper with no sensitive access, though its recommendations are simplified and should not be treated as authoritative.

Install only if you want a lightweight cultural/reference date-selection helper. Treat the outputs as non-authoritative, verify important marriage, business, travel, or construction decisions elsewhere, and note that the documented Python command is missing from this package.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The file markets itself as a 'core algorithm' while multiple comments explicitly describe the calculations as simplified placeholders. In a date-selection skill that users may rely on for important real-world decisions such as marriage, business openings, or travel, this mismatch can mislead users into overtrusting outputs and cause harmful decisions based on inaccurate logic.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal