中信信用卡推荐

Security checks across malware telemetry and agentic risk

Overview

This skill coherently recommends CITIC credit cards using a disclosed script and official card data, with a privacy note for platform-tagged application links.

Before installing, understand that recommended card application links may include a sid and platform tag identifying the host environment. The skill does not appear to collect credentials or submit applications, but users should review card terms and privacy implications before using any application link.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The script reads host platform-identifying environment variables and uses them to modify outbound application URLs by appending sid and platform parameters. For a card recommendation skill, this creates unnecessary host-environment awareness and link personalization that exceeds the minimally required functionality, increasing privacy and tracking risk and enabling environment-dependent behavior that users may not expect.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal