Back to skill

Security audit

Ai Challenge Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a Chinese AI-challenge assistant that creates planning, prototype, review, and presentation files, with no hidden executable or credential behavior found.

Before installing, expect this skill to guide your agent to ask three setup questions and create multiple competition deliverable files, often in Chinese. Install it if that matches your workflow; request another language or a smaller scope explicitly if needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill metadata explicitly requires Chinese output for all uses without checking the user's language preference. This can override user intent and reduce transparency or usability for users who expect another language, which is a prompt-safety and policy-compliance issue even though it is not a classic exploit path. In context, the skill is a Chinese competition-assistant, so the risk is limited, but it still creates unnecessary coercion over output language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.