Back to skill

Security audit

Chance Fc3d Predictor

Security checks across malware telemetry and agentic risk

Overview

This is a lottery-analysis reference skill with no packaged executable or hidden behavior, though users should treat its number recommendations as gambling-related entertainment only.

Install only if you intentionally want FC3D lottery analysis. Do not rely on the recommendations as predictions, set strict spending limits, and review any optional Python code before running it because it can install packages, contact an external lottery-data site, and create local report files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill explicitly claims it contains no executable code, yet later embeds runnable Python for Monte Carlo number generation. This mismatch is dangerous because it undermines trust in the safety declaration, can bypass policy expectations for non-executable skills, and may lead downstream systems or users to treat executable content as harmless documentation.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill defines very broad trigger keywords such as '分析', '数据', '策略', and '方法', which can overlap with ordinary user conversation and cause the skill to activate unintentionally. In an agent environment, this can route unrelated requests into gambling-oriented behavior, increasing the chance of inappropriate assistance, policy bypass through accidental invocation, or degraded user intent handling.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.