Wechat Miniprogram Ui Ux

Security checks across malware telemetry and agentic risk

Overview

The only supported concern is minor language-documentation ambiguity, not unsafe behavior.

Installation appears reasonable from the available evidence. Users should understand that the Chinese README is a localized documentation option; the publisher could improve clarity by labeling English and Chinese docs symmetrically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Low
Confidence: 77%
Finding
The README prominently links to a Chinese-language variant via '中文说明', which introduces a locale-specific path without any explicit statement that users may choose their preferred language. Under the policy, language constraints should be opt-in or clearly offered as a choice; the wording here does not explicitly frame language selection as user choice.

Natural-Language Policy Violations

Low
Confidence: 82%
Finding
This file presents the skill description entirely in Simplified Chinese while identifying itself as a general Codex skill, without stating that Chinese output is optional or limited to a China-specific audience. Under the policy rule, forcing a specific language/locale without user opt-in can be a natural-language policy violation.

VirusTotal

66/66 vendors flagged this skill as clean.
