沙盘推演(体验版)

Security checks across malware telemetry and agentic risk

Overview

This is a single-file Chinese sandbox-planning skill with no executable code, credentials, persistence, or hidden data access.

Install this if you want a Chinese-language framework for OPC-style business scenario planning. Be aware it may be selected for broad strategy, risk, competition, or decision-preparation prompts, and non-Chinese users may need translation or language guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger conditions are broad and overlap with ordinary business-strategy conversations such as planning, risk review, competition analysis, and decision preparation. This can cause unintended activation of the skill in unrelated contexts, leading the agent to steer conversations into a predefined simulation workflow when the user did not explicitly request it.

Natural-Language Policy Violations

Medium

Confidence: 76% confidence
Finding: The skill content is effectively Chinese-only and does not offer a language choice or fallback behavior. In multilingual environments, this can cause misunderstanding of outputs, misapplication of recommendations, or degraded usability if the user or downstream agent expects another language.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal