伴游AI旅游搭子

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese travel narration skill with ordinary usability caveats and no hidden execution, credential use, persistence, or destructive behavior.

Safe to install as a cultural travel companion. Verify time-sensitive travel details against official sources, and share location or trip preferences only when you want personalized guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The skill activation description is broad enough to match many ordinary travel-related requests, which can cause the skill to trigger in situations where a more appropriate general assistant or narrower skill should respond. Over-broad activation increases the risk of unintended instruction takeover, especially because the skill also imposes rigid workflow and formatting rules that could override user intent once activated.

Natural-Language Policy Violations

Medium

Confidence: 76% confidence
Finding: The skill metadata and content strongly indicate Chinese-language operation and Chinese stylistic defaults without clearly stating that language should follow the user's preference. This can cause unwanted language coercion, reduce usability, and in multilingual contexts may lead to misunderstanding of important travel information such as safety notices, access rules, or itinerary details.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal