胡田 OPC导师范仲淹心智模型

Security checks across malware telemetry and agentic risk

Overview

This is a text-only coaching/persona skill about applying Fan Zhongyan’s mindset, with no code, credentials, persistence, or hidden system access.

Before installing, be aware that the skill may steer broad personal, workplace, or entrepreneurship advice into a Fan Zhongyan-inspired framework. It appears safe from a security perspective, but users should invoke it deliberately when they want that worldview applied.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill's invocation conditions are framed as very broad life situations such as setbacks, unfairness, team conflict, and lack of direction. These are common themes in ordinary conversation, so an agent may trigger the skill unexpectedly and steer user interactions into a persona-driven framework without clear user intent.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The suggested trigger phrases remain generic enough that they overlap with normal requests for analysis or advice, especially in Chinese-language coaching or reflection contexts. This increases the chance of unintended activation, causing the model to apply the skill's worldview when the user did not explicitly ask for it.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal