hot-tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent public hot-topic ranking helper that may fetch live trend data, with no evidence of credential use, persistence, account control, exfiltration, or destructive behavior.

Install this if you want an agent to analyze public trend data and rank hot topics automatically. For more control, explicitly request offline snapshots, name the platforms and time window, and avoid giving it private sessions, cookies, or credentials. Treat content-alert and script templates as publishing advice that still needs human fact-checking and platform compliance review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The template materially expands the skill from objective cross-platform hotspot ranking into predictive alerting and explicit action recommendations for exploiting emerging trends. This creates a capability mismatch: users invoking a neutral monitoring skill may instead receive manipulative growth-hacking guidance, increasing misuse risk and undermining the claimed objective scope.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The '紧急蹭热度' framing and concrete content-creation/engagement suggestions directly instruct users on opportunistically capitalizing on fast-moving topics rather than merely analyzing them. In a hot-topic aggregation skill, this is more dangerous because it can operationalize spammy, manipulative, or harmful content amplification around breaking events before facts are verified.

Intent-Code Divergence

Low
Confidence
83% confidence
Finding
The documentation presents the skill as objective hotspot monitoring while the template language encourages opportunistic exploitation of attention cycles. This inconsistency is dangerous because it obscures the real behavior of the skill, making downstream deployment, user consent, and safety review less effective.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill is designed to auto-run on very generic requests like '抓热点' or '最近什么最热', which overlap with normal conversation and broad user intent. Over-broad triggers can cause unintended invocation, leading to surprise external fetching, data processing, or capability use without clear user consent.

Vague Triggers

High
Confidence
97% confidence
Finding
The instruction to 'directly start scanning, do not ask questions' on ambiguous short phrases removes an important consent and disambiguation checkpoint. In this skill's context, that can immediately trigger real-time collection across platforms, making accidental activation more dangerous than a normal content-only skill.

Vague Triggers

Medium
Confidence
91% confidence
Finding
A wide set of generic example inputs are all treated as equivalent triggers, without specificity checks or carve-outs. This increases the chance the skill intercepts unrelated requests and launches automated scanning behavior the user did not explicitly intend.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs automatic real-time network fetching whenever the environment supports it, but does not require a user-facing disclosure or consent step. That creates a data-access transparency issue: users may not realize external requests will be made, and such behavior can violate privacy, policy, or operational expectations.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The description contains very broad trigger phrases such as '最近什么最热' and states the skill should '默认自动执行,不先反问用户', which can cause the skill to activate on many ordinary user requests without clear intent confirmation. In an agent environment, this increases the chance of unintended tool invocation, over-collection of external content, and misrouting user queries into a data-gathering workflow the user did not explicitly request.

Natural-Language Policy Violations

Medium
Confidence
85% confidence
Finding
The skill description is written to operate in Chinese and does not offer language negotiation or user choice, which can cause mismatches between user intent and skill behavior. While this is not a direct code-execution issue, it can degrade transparency, cause confusing outputs, and increase the likelihood of unintended autonomous behavior when combined with broad auto-trigger conditions.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The template explicitly instructs automatic execution and says missing information should be auto-filled without asking the user. In an agent skill, this broad trigger behavior can cause the skill to activate outside clear user intent, leading to unsolicited content generation, incorrect assumptions, and possible misuse of ambiguous requests in a high-autonomy context.

VirusTotal

65/65 vendors flagged this skill as clean.
