Back to skill

Security audit

Opc Community Manager

Security checks across malware telemetry and agentic risk

Overview

This is a simple advisory community-operations prompt skill with no executable code, hidden data access, or privileged behavior.

Installers should treat this as an advisory operations-planning assistant for OPC-style incubator work. Because its triggers are broad, it may appear in some general community or operations conversations; users should verify legal, financial, technical, and policy advice with qualified professionals before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger keywords include broad operational terms such as 招商, 活动运营, 内容运营, and 社区运营 that can easily appear in unrelated conversations. This increases the chance the skill activates outside its intended context, causing unintended routing, irrelevant advice, or disclosure of internal workflow assumptions to users who did not ask for this skill.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The role triggers and switching rules are loosely defined, with overlapping categories like 咨询、内容、活动、增长 and an instruction to auto-route by user intent. In ambiguous requests, this can lead to incorrect role selection, overbroad behavior, or unbounded cross-role action planning without clear permission boundaries.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.