粉象生活返利助手

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese rebate/affiliate assistant with no code, installers, credential access, persistence, or hidden behavior in the reviewed artifact.

Install only if you want a rebate or affiliate shopping assistant. Review any generated promotional links before sharing them, and re-check future versions if they add real API integrations, account access, commission dashboards, or team-management features.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list includes generic shopping and rebate-related phrases such as '粉象优惠' and '粉象省钱' that may match broad user requests not clearly intended for this specific skill. This can cause over-invocation, routing unrelated commerce queries into an affiliate workflow, and increase the chance of unintended promotional or link-generation behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal