Gr Oss Marketing

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only open-source marketing guidance skill with disclosed external reference links and no code, credential access, persistence, or hidden authority.

Install this if you want help planning open-source launch marketing. Keep outreach and posting user-directed, review any fetched GitHub reference material before relying on it, and adjust Reddit, Hacker News, Discord, Telegram, and KOL recommendations to each platform's rules and your audience's preferred language.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 87% confidence
Finding: The skill explicitly instructs that community channels should be '英文为主' and the static finding notes the skill imposes English as the primary language without checking the user's preference. This can steer the agent to ignore user locale or audience needs, reducing user control and potentially causing inappropriate or exclusionary outputs. In this marketing context it is not a code-execution or data-exfiltration issue, but it is still a policy/quality vulnerability because it biases behavior without opt-in.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal