淘宝官方导航

Security checks across malware telemetry and agentic risk

Overview

This is a simple Taobao-related link directory with no code or permissions, though users should verify important account or payment links before using them.

Install only as a quick reference for Taobao/Alibaba-related links. Before signing in, paying, or managing a merchant account, verify the destination independently because the skill claims official status but provides no provenance beyond the listed URLs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill has no explicit activation conditions, so it may be invoked in situations outside its intended scope. This can cause the agent to respond with hardcoded Taobao-related links when the user did not request site navigation, creating misfires and reducing trust, though the content itself is not inherently dangerous.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal