Back to skill

Security audit

hot-china

Security checks across malware telemetry and agentic risk

Overview

This skill coherently fetches public Chinese trend, ranking, entertainment, app, music, and newspaper data, with no evidence of credential use, persistence, or local data access.

Install this if you want live public ranking and newspaper data from Chinese web sources. Be aware it contacts third-party sites when used, depends on Node.js 18+, and may answer broad recommendation questions using scraped rankings rather than a curated assistant response.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation guidance includes very broad phrases such as general discussion of trends, news, or 'what happened today,' which overlap heavily with ordinary conversation. This can cause the skill to trigger in situations where the user did not clearly request external data retrieval, leading to unnecessary network access and possible context hijacking away from safer core behavior.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The music trigger examples include generic recommendation-style prompts like asking what songs are good or popular, which are common assistant requests not necessarily intended to invoke a crawler. That broad scope may cause over-invocation of external scripts and substitute scraped ranking data where the user may have wanted curated advice or a normal conversational answer.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The entertainment and news mappings cover broad questions like what movies are good, what major events happened, or what headlines say, which can match many ordinary requests beyond the skill's narrow data-fetching purpose. In context, this increases the chance of unsolicited retrieval from third-party sources and may bias answers toward a fixed crawler output rather than the user's actual intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.