Back to skill

Security audit

ZhenZhen EHS Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only EHS assistant with coherent safety templates, but users should treat its drill and record-handling advice as guidance that needs local professional review.

Install only if Chinese-language, China-oriented EHS SOP guidance fits your use case. Verify current local regulations and company procedures before using any template operationally, especially fire-drill smoke effects or high-risk work controls, and store personnel or incident records only in approved systems with proper access controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The drill template and example explicitly recommend using '烟雾弹/发烟罐' to simulate smoke without nearby safety guidance on suitability, ventilation, ignition risk, occupancy controls, approvals, or substitution with safer training aids. In an EHS skill, users may treat this as operationally authoritative, increasing the chance of unsafe drills, respiratory exposure, panic, false alarms, or secondary fire incidents.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.