胡田 OPC导师量子电池

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only quantum battery evaluation skill with finance-adjacent guidance, but no hidden code, credential access, persistence, or destructive behavior.

Use this as an informational due-diligence checklist, not as a basis for final investment, legal, or fraud accusations. For real projects involving money or public claims of fraud, verify sources independently and consult qualified financial or legal professionals.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The README describes triggering the skill for broad topics such as whether a quantum battery project is real, a scam, investable, or for general technical progress questions, but it does not define clear boundaries, required evidence standards, or disallowed decision-making uses. In a finance- and fraud-adjacent context, this can cause the agent to be invoked for high-stakes judgments and present speculative or incomplete assessments as authoritative, increasing the risk of misleading investment or scam determinations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal