省钱快报返利助手

Security checks across malware telemetry and agentic risk

Overview

This is a simple coupon and rebate recommendation skill with no executable code, credentials, persistence, or privileged access.

Safe to install based on the provided artifacts. Because this is an affiliate/rebate shopping assistant, verify final prices, coupon terms, seller reliability, and rebate eligibility on the shopping platform before buying; broad trigger wording may also make it appear in general bargain-shopping conversations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list contains generic shopping-related phrases such as '省钱优惠' and '每日好价' that are likely to appear in ordinary user conversations unrelated to explicitly invoking this skill. This can cause unintended activation, allowing the skill to intercept or influence broader shopping interactions than users expect, which is especially sensitive for an affiliate/rebate tool that may bias recommendations for commercial gain.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal