TrendRadar

Security checks across malware telemetry and agentic risk

Overview

TrendRadar is a disclosed trend-scanning skill that prints browser/search instructions for public product-trend research, with no hidden credential use or local file access found.

Install only if you are comfortable with the agent using its browser and web search to inspect public trend pages. Use an isolated browser profile if logged-in social sessions are sensitive, and review BuyWise or CouponClaw separately before relying on the suggested follow-up commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases include very generic terms such as 'trending products', 'what's hot right now', and 'hot items', which are likely to match ordinary user requests outside the intended skill scope. This can cause the skill to activate unexpectedly, intercept unrelated prompts, and route users into browsing or commerce workflows they did not explicitly request.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The manifest registers very broad, common-language trigger phrases such as "trending," "viral," and "what's hot," including generic Chinese equivalents. These can cause the skill to be invoked for ordinary user requests that are not clearly intended for this package, increasing the risk of unintended activation, user confusion, and routing of queries to code that accesses external trend sources.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal