Back to skill

Security audit

Opc Mentor Team

Security checks across malware telemetry and agentic risk

Overview

This is a plain entrepreneurship mentoring prompt skill with no executable code, hidden behavior, or malware signals.

Before installing, understand that this skill is designed to provide startup mentoring and may ask about business plans, progress, risks, and goals. Use it for OPC or entrepreneurship coaching, and avoid sharing confidential financial, customer, or trade-secret details unless you are comfortable including them in the assistant conversation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger keywords include generic entrepreneurship phrases such as '项目辅导', '陪跑', and '创业导师', which are broad enough to activate in ordinary user conversations outside the intended OPC-specific context. This can cause unintended invocation of the skill, leading to confusing routing, over-collection of user context, or inappropriate business advice in unrelated sessions, though it is not an inherently malicious pattern.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.