胡田 OPC导师成果转化

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable technology-transfer consulting skill; its main risk is that users must handle consent and confidentiality carefully before sharing project materials.

Before using this skill with real projects, get documented authorization from the rights holder for each recipient and material type, redact unnecessary personal or proprietary details, require confidentiality terms before sharing detailed technical materials, and have qualified legal, IP, regulatory, or investment professionals review contracts and valuations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The SOP instructs consultants to send One-Pagers, detailed technical materials, qualification documents, and contact information to external resource parties, but it does not require prior consent, data minimization, confidentiality controls, or any privacy warning. In a tech-transfer workflow, these materials can contain personal data, sensitive business information, and pre-disclosure IP details, so sharing them without explicit authorization increases the risk of privacy violations, NDA breaches, and premature exposure of proprietary information.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal