Back to skill

Security audit

Lab2startup Team Types

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese advisory skill for choosing teacher-student startup team structures, with no code execution, data access, credentials, or persistence.

Safe to install for advisory use. Be aware it may activate in broader conversations about teams or entrepreneurship, and avoid sharing confidential startup, IP, or personnel details unless you are comfortable providing them to your agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list contains broad phrases such as '团队分工', '创业团队', and '谁来主导' that can appear in ordinary discussion, making accidental invocation more likely. This can cause the skill to activate outside its intended scope, leading to irrelevant guidance and reduced routing precision, though it does not by itself create a direct security compromise.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill metadata and behavior are written only in Chinese and do not indicate whether the skill should adapt to the user's preferred language. In multilingual environments, this can produce inaccessible or unexpected output, which weakens usability and may cause misinterpretation of important planning guidance, but the content itself is otherwise non-sensitive and domain-specific.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.