花生日记 Rebate Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only rebate and coupon assistant with disclosed shopping use cases and no executable code or hidden access.

Install only if you want a shopping rebate/coupon assistant. Be cautious with future versions that connect to Taobao/Tmall, affiliate, commission, invite, team, or payout accounts, and confirm before sharing order history, earnings, invite relationships, or promotion data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger list contains broad, low-specificity terms such as '花生日记', 'huasheng', and '花生优惠券' without any activation constraints or confirmation requirements. This can cause accidental invocation in unrelated shopping or general conversation contexts, leading the agent to surface affiliate/rebate flows unexpectedly and increasing the risk of spammy behavior or unintended commercial steering.

VirusTotal

65/65 vendors flagged this skill as clean.
