怎样解题

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk Chinese problem-solving guide that only changes how the assistant asks questions and does not request system access or sensitive data.

Before installing, consider whether you want common phrases like “help me analyze this” or “help me plan” to trigger a step-by-step questioning style instead of a direct answer. No sensitive permissions or execution behavior are evident in the artifacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrases are broad conversational requests such as '帮我分析这个问题' and '帮我规划一下', which can match many ordinary interactions unrelated to this skill’s intended scope. This can cause unintended activation, leading the agent to switch into the skill’s constrained Socratic behavior at inappropriate times and potentially disrupt safer or more suitable handling of user requests.

VirusTotal

64/64 vendors flagged this skill as clean.
