Security audit

智慧家长熊孩子

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese parenting and teaching persona skill with broad style instructions but no executable code, credential handling, hidden data transfer, or automatic privileged behavior.

Install this as a specialized Chinese persona/style skill, not as a general default assistant. Expect playful Chinese parenting-style explanations and mode switching for writing, video, or brainstorming tasks; explicitly request another language or stricter tone when needed, and review any persona-pack file changes if you ask it to maintain SOUL.md or related files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (8)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description is unusually broad and can trigger on many generic tasks such as answering questions, rewriting text, brainstorming, or maintaining persona files. That increases the chance of inappropriate activation, causing the model to adopt this persona when the user did not ask for it, which can override user expectations and interfere with safer or more relevant instruction routing.

Natural-Language Policy Violations

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs the agent to 'answer directly' as the persona 'in Simplified Chinese' by default, without requiring the user's language preference. This can cause unwanted language switching, reduce usability, and create instruction conflicts when the user requested another language or when clarity and safety depend on matching the user's chosen language.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The description is extremely broad and activates on many generic tasks such as explanation, rewriting, brainstorming, writing, and persona maintenance. That can cause the skill to be invoked outside its intended niche, leading to unintended persona takeover, response-style hijacking, or policy-relevant behavior changes in unrelated conversations.

Natural-Language Policy Violations

Medium

Confidence: 87% confidence
Finding: The description says the skill should answer in warm child-friendly Chinese, which can override the user's language preference without explicit opt-in. In practice this can degrade usability, mis-handle safety-critical interactions, or cause incorrect assumptions about audience and consent when the user did not request Chinese output.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The skill hard-codes Chinese output in both the short description and default prompt without requiring user opt-in, which can override user expectations and reduce clarity for users who requested another language. While this is not a direct exploit primitive, it can cause miscommunication, unsafe misunderstanding of important guidance, and unreliable behavior in multi-language contexts.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The auto-switch rule relies on vague signals like whether the request 'mentions modes' or 'clearly points to one,' which can cause the agent to change behavior without explicit user consent. In a persona-heavy skill, this creates prompt-routing ambiguity and can lead to unintended response formats, tone changes, or instruction selection that override the user's actual intent.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The file mandates a Chinese opening or confirmation line whenever a mode switch occurs, even for autonomous switches, without requiring user preference or language consent. This can violate user expectations, reduce usability, and cause instruction conflicts when the conversation is in another language or requires strict formatting.

Natural-Language Policy Violations

Medium

Confidence: 83% confidence
Finding: The file directs the assistant to provide parent language in Chinese ('我知道你现在很烦…', '你不是做不到…') without stating that this should depend on the user's requested language. In a persona skill, hard-coding output language can override user intent and system defaults, causing confusing or inaccessible responses and potentially interfering with downstream safety/compliance messaging if the user cannot understand it.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.