Four Angle Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Chinese analysis framework with no executable code, credential use, persistence, or hidden data access.

Install this if you want a Chinese structured-analysis framework. Because it may trigger on broad analysis requests, specify your desired scope and output language when using it; no credentials or special system access are needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The activation description is very broad, covering generic requests like analyzing a problem, industry, system, or "anything," which can cause the skill to trigger on a wide range of normal user prompts. Over-broad activation increases the chance of unintended routing, causing the assistant to apply this framework when the user wanted a different task or a more constrained response style.

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: The skill is written entirely in Chinese and does not state language-selection behavior, fallback behavior, or whether it should follow the user's language preference. This can lead to unwanted language switching or exclusion of users who did not request Chinese, reducing usability and potentially causing miscommunication in contexts where precision matters.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal