慢慢买比价助手

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple shopping price-history and comparison helper, with no artifact-backed evidence of hidden access, credential use, purchasing, or destructive behavior.

Before installing, understand that generic shopping-price phrases may activate this skill unexpectedly. Use it for price-history and comparison advice only, and verify any affiliate, rebate, reminder, or final purchase decision yourself.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes very broad generic phrases such as '历史价格'、'价格走势' and '比价工具', which can plausibly appear in ordinary shopping conversations and cause unintended invocation. In a commerce-oriented skill, accidental activation can misroute user requests, expose shopping intent to the wrong tool, and degrade trust even if it does not directly create code-execution risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal