Hutian Opc Daily Promotion

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed daily content-curation workflow that searches public sources and writes a local report, with no executable code or hidden data handling found.

Before installing, make sure you are comfortable with the agent browsing the listed public content platforms and creating daily report files under ./每日推荐/. If enabling scheduled runs, configure the agent so report generation and overwrites happen only with your intended level of approval.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to write a daily report to a specific filesystem path without stating that file creation requires user awareness or consent. In agent environments that can write files automatically, this can lead to unexpected persistence, workspace modification, or clutter, and similar patterns can normalize silent file writes that become more dangerous in other contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal