直播带货话术生成器

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a livestream commerce sales-assistance skill with no evidence of hidden code, credential access, persistence, or data exfiltration, but its sales-pressure guidance should be used carefully and truthfully.

Before installing, confirm the skill is only used to draft truthful sales scripts. Do not use it to fabricate urgency, inventory limits, discounts, endorsements, or product claims, and review outputs against applicable advertising, consumer-protection, and platform rules before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly promotes high-pressure sales tactics such as urgency pressure and inventory-pressure techniques without any guardrails, compliance notice, or prohibition on deceptive claims. In a livestream commerce context, this can encourage manipulative or misleading conduct that may violate consumer-protection rules, platform policies, or advertising standards and can cause financial harm to users and consumers.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal