Juejin Article Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Juejin article-optimization helper with no evidence of hidden data access, credential use, posting, persistence, or destructive behavior.

Safe to install for Juejin article optimization. Do not paste confidential drafts unless you are comfortable having the agent process them, and treat any live trend or URL analysis as read-only and subject to Juejin's terms and rate limits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation example is broad and natural-language based, which can cause the skill to trigger in contexts the user did not clearly intend. In an agent setting, overly permissive invocation increases the chance of accidental activation and unintended processing of user content, even though this particular skill appears limited to article optimization rather than high-risk actions.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The example invocation and user flow assume Chinese-language interaction without explicit opt-in, which can override user language expectations or cause the agent to respond in an unintended language. This is primarily a safety and usability issue rather than a direct security exploit, but it can still reduce user control and predictability of agent behavior.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal