买手妈妈返利助手

Security checks across malware telemetry and agentic risk

Overview

This is a simple mother-and-baby shopping coupon/rebate prompt skill with no code execution, credential access, persistence, or hidden data handling in the artifacts.

Before installing, understand that the skill may respond to mother-and-baby coupon or rebate requests. Verify any savings, cashback rates, authenticity claims, and return-policy statements directly with the shopping platform or merchant.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list includes broad, common phrases such as “母婴返利” and “宝妈返利,” which can overlap with ordinary user requests and cause unintended activation of the skill. In a commerce/rebate context, misrouting can expose users to irrelevant promotional content or steer shopping queries into affiliate flows without clear intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal