大淘客选品工具

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only skill for Dataoke/Taobao affiliate product recommendations, with no code, credentials, persistence, or privileged actions.

Safe to install based on the current artifacts. Expect it to help structure Dataoke/Taobao affiliate product-selection responses; review future versions carefully if they add real API integration, credentials, account actions, or automated purchasing/publishing behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list includes broad, generic phrases such as “大淘客”, “淘客选品”, and “淘客工具”, which can match many normal user requests and cause the skill to activate outside its intended scope. Over-broad activation increases the chance of unintended routing, confused responses, and misuse of the skill in contexts where affiliate-product selection was not requested.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal