Back to skill

Security audit

SBTI

Security checks across malware telemetry and agentic risk

Overview

This is a self-contained Chinese joke personality quiz with no executable code, network access, credential use, or hidden persistence.

Install this if you want a playful Chinese SBTI-style quiz. Be aware it may activate on general personality-test or test-related phrases, and its humor is intentionally teasing, but the artifacts do not show data export, credential handling, executable code, or system access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes very broad everyday phrases such as '测一测' and '做个测试', which can cause the skill to activate in unrelated conversations. This creates routing ambiguity and increases the chance of unintended behavior, especially in multi-skill environments where generic test-related language is common.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The instruction '中文提问,中文结果' hard-codes the interaction language instead of adapting to the user's locale or platform policy. This can lead to poor user experience, policy non-compliance, or unexpected behavior when the user is interacting in another language.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.