Back to skill

Security audit

Popeye Coding

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese-language coding prompt skill; its triggers are broad, but it contains no executable code, hidden access, credentials use, or persistence.

Install only if you want a Chinese-language coding assistant that may activate on common programming phrases. Avoid pasting secrets, private keys, passwords, or sensitive proprietary code into any coding assistant context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill declares very generic activation cues tied to common coding tasks, making it likely to activate during ordinary user requests rather than only when explicitly intended. In an agent environment, broad triggers can cause accidental routing to this skill, expanding its authority and increasing the chance that untrusted code-generation, debugging, or review behavior is invoked unexpectedly.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The invocation guidance lists only short, generic trigger words without defining strict boundaries, confirmation requirements, or exclusion conditions. Because the skill handles broad programming workflows, ambiguous activation can lead to unintended execution during normal conversation, potentially exposing user code or causing the agent to follow the skill's behavior when another tool or safer default response was intended.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases `调试` and especially `帮我找 Bug` are broad, common requests that can easily appear in ordinary conversation and unintentionally activate this skill. In an agent system with multiple skills, this increases the chance of misrouting user intent, causing the debugging prompt template to take over when the user did not explicitly opt into this workflow.

Natural-Language Policy Violations

Medium
Confidence
77% confidence
Finding
The skill is authored entirely in Chinese and prescribes Chinese output structure without offering language selection or honoring the user's preferred language. This can create usability and safety issues in multilingual environments, including misunderstood remediation steps or incorrect operator actions if users cannot reliably interpret debugging guidance.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are extremely generic ('写代码' / '帮我写代码') and are likely to match a very large share of ordinary user requests, causing this skill to activate broadly and potentially overshadow more specialized or safer skills. In an agent environment, overly broad routing increases the chance of unintended prompt injection exposure, misrouting, or inappropriate handling of requests outside the skill’s intended scope.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases `代码审查` and especially `帮我审查代码` are broad, natural-language requests that can easily overlap with ordinary user intents in a general coding assistant. This can cause the skill to activate unintentionally, steering conversations into a rigid prompt template and potentially overriding more appropriate handling or user-specific instructions.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The skill is authored entirely in Chinese and its output template assumes Chinese responses, without offering language negotiation or documenting a justified locale restriction. While not a direct security exploit, this can create unsafe misunderstandings in code review and security guidance when users operate in another language, increasing the chance of misinterpretation of important warnings or remediation steps.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.