@_FORAB Tweet Generator

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable writing template for drafting Chinese tweets in a named account’s style, with no hidden access, posting automation, or persistence.

Safe to install as a writing aid. Before publishing, fact-check market, political, and financial claims, and do not imply that @_FORAB authored, endorsed, or is affiliated with the generated content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill is activated through very broad natural-language phrasing such as '请用 @_FORAB 风格生成…', without clear scoping, disambiguation, or exclusion rules. This can cause accidental invocation or prompt collisions with unrelated user requests, especially in multi-skill environments, leading to unintended content generation and reduced user intent integrity.

Natural-Language Policy Violations

Medium

Confidence: 76% confidence
Finding: The description hardcodes Chinese-language output behavior without documenting it as a locale-specific skill or offering a language selection mechanism. In practice this can create user confusion, mismatched outputs, and unreliable behavior when the broader system or user expects another language, which is a policy and safety quality issue rather than a direct exploit primitive.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal