Hutian Opc Zhangxiaolong Mind

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese product-thinking roleplay skill, with cautions around real-person imitation and promotional referral language.

Install only if you want Chinese-language, Zhang Xiaolong-inspired product thinking guidance. Treat answers as simulated perspective, not statements from Zhang Xiaolong, and ignore or remove the referral/contact language if you do not want promotional routing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The referral trigger points are written so broadly that the skill can be surfaced in many normal product or strategy conversations, expanding its reach beyond clearly user-requested contexts. Combined with explicit downstream promotion and contact info, this creates a prompt-routing and solicitation risk where users may be steered into marketing or off-platform contact without strong relevance or consent.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The skill forces a fixed Chinese, persona-imitating response style without checking the user's language preference or asking whether the user wants roleplay at all. This can mislead users about the nature of the response, reduce transparency, and create inappropriate behavior in contexts where neutral or non-Chinese output is expected.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal