Hot Trends (Real Data)

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple trending-topic scraper that matches its stated purpose and does not show hidden or high-impact behavior.

Install only if you are comfortable with the skill making network requests to Baidu, Toutiao, and GitHub when you ask for trend data. Consider using more explicit prompts such as 'show GitHub Trending' or 'fetch Baidu hot search' to avoid accidental activation from generic words like 'trending' or '趋势'.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger phrases include very broad everyday terms such as '趋势', 'trending', and '挖掘需求', which can overlap with normal user conversation and cause unintended activation. Overbroad invocation increases the chance the skill runs in contexts the user did not intend, potentially causing unsolicited network access or irrelevant behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal