返利推广赚手

Security checks across malware telemetry and agentic risk

Overview

This is a simple rebate-promotion writing and commission-tracking guidance skill with no executable code or hidden access.

Install this only if you intentionally want help creating affiliate or rebate marketing content. Verify prices, rebate links, commission claims, and platform disclosure or anti-spam rules before using generated copy publicly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger list is broad and includes generic monetization and shopping-related phrases without clear scope boundaries, which can cause the skill to activate in loosely related contexts. That increases the chance of unsolicited promotional assistance, misuse for spammy affiliate content generation, or accidental invocation when users are not explicitly requesting commission-oriented behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal