彩票测算器

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed entertainment lottery-number picker that runs a local calculation script, with no evidence of credential access, network activity, persistence, or hidden behavior.

Install only if you want a Chinese-language entertainment lottery number generator. Treat its output as random fun rather than financial advice, keep spending minimal, and be aware that the trigger wording may be broad enough to respond to vague requests like asking to calculate a number.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger conditions are excessively broad and include casual phrases like “帮我算个号,” which can match ambiguous everyday requests unrelated to lottery divination. This can cause unintended skill activation, leading the agent to steer conversations into gambling-number generation without clear user intent, which is especially sensitive because the skill promotes lottery participation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal