DaoReview

Security checks across malware telemetry and agentic risk

Overview

This skill reviews user-provided documents and produces a Chinese scoring report, with no evidence of hidden networking, persistence, credential access, or destructive behavior.

Install this for Chinese-language document review and scoring. Be aware that it will read the contents of files you provide or point it to, so avoid confidential, regulated, or sensitive documents unless that use is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger description is broad enough to overlap with common user requests such as '分析文档' or '检查文档', which can cause the skill to activate unexpectedly in routine conversations. Over-broad activation increases the chance of unintended file handling or content processing outside the user's precise intent, which is a security and reliability concern for agent skills.

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: Forcing Chinese-only replies without considering the user's language can create unsafe misunderstandings, especially if the user expects another language for nuanced review results. While not a direct exploit primitive, it can degrade user control, reduce transparency, and increase the risk of incorrect interpretation of recommendations or findings.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal