Back to skill

Security audit

胡田-OPC导师-概念验证中心

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese-language concept-validation guidance skill with no code, commands, persistence, credential access, or hidden data handling.

Safe to install from a security perspective. Users should expect Chinese output and may want narrower activation wording if they use many skills or often ask general feasibility questions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list contains broad colloquial phrases such as “能不能做” and “行不行”, which can match many ordinary user requests unrelated to formal concept validation. This can cause unintended skill invocation, leading the agent to route users into the wrong workflow, produce irrelevant outputs, or override more appropriate skills in multi-skill environments.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill content is written entirely in Chinese and does not state any locale limitation or fallback behavior, which can cause the skill to respond in a language the user did not request or understand. This is primarily a reliability and usability risk, but in an agent setting it can also impair informed user decisions if validation conclusions are delivered in an inaccessible language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.