高佣联盟返利助手

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only affiliate rebate helper, with some broad activation wording but no code, credentials, persistence, or hidden behavior.

Install only if you want a rebate or affiliate-promotion assistant. Treat commission rates, promotion links, team rewards, and withdrawal guidance as money-adjacent: verify details with the actual platform and require explicit confirmation before sharing links, connecting accounts, or taking payout-related actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes broad terms such as “高佣金” that can plausibly appear in ordinary conversation about discounts, affiliate marketing, or shopping, increasing the chance of unintended invocation. In a commerce-oriented skill that promotes rebates and referral actions, accidental activation could steer users into affiliate flows or promotional content they did not explicitly request.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal