Qwen

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Qwen helper that clearly discloses its hosted API use, local notes, and consent requirements.

Install this if you want help choosing and debugging Qwen hosted or self-hosted routes. Use hosted DashScope endpoints only for data you are comfortable sending to Alibaba Cloud, keep API keys in environment variables, and approve ~/qwen/ memory only for non-secret routing preferences and troubleshooting notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 88%
Finding
The setup instructs the skill to activate on a broad set of trigger phrases such as 'Qwen,' 'DashScope,' 'Model Studio,' 'Ollama,' 'vLLM,' or 'Qwen3' without defining clear boundaries or disambiguation rules. This can cause the skill to engage in contexts the user did not intend, increasing the chance of over-collection of context, unintended persistence prompts, or interference with unrelated workflows involving those technologies.

VirusTotal

66/66 vendors flagged this skill as clean.
