什么值得买 Price Scraping

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward public price-lookup helper for smzdm.com, with only minor risk of accidental activation from broad trigger words.

Install this if you are comfortable with the agent using smzdm.com to search product prices. Avoid entering private or sensitive search terms, be aware that broad brand keywords may trigger it unexpectedly, and verify prices on the merchant page before buying.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger keyword "什么值得买" is broad and closely matches common user requests about the well-known shopping site, which can cause the skill to activate when a user did not specifically intend to invoke it. This creates an unintended-invocation risk that may route user queries into scraping behavior unexpectedly, though it does not by itself enable code execution or direct compromise.

Vague Triggers

Low
Confidence
88% confidence
Finding
Using standalone brand names like "极空间", "群晖", and "绿联" as triggers can cause accidental activation during ordinary conversation about those brands rather than explicit requests to use this skill. In this skill's context, that increases the chance of unintended web scraping or price-query actions, but the impact remains limited because the declared capability is narrowly focused on price lookup.

VirusTotal

64/64 vendors flagged this skill as clean.
