自媒体运营全能助手

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese social media operations guide with no code, installs, credentials, or system access requested.

Safe to install as a marketing guidance skill. Treat the custom-service contact as optional third-party promotion, and avoid sharing sensitive business, customer, or account data outside the agent unless you intentionally choose to contact the author.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill is user-invocable and broadly framed as a general-purpose social media assistant, so it may activate on many ordinary requests that only loosely relate to its intended scope. Over-broad activation can cause inappropriate routing, unexpected behavior, or overshadow more suitable skills, which is a real quality and safety issue even if it does not directly enable code execution or data exfiltration.

Natural-Language Policy Violations

Medium

Confidence: 78% confidence
Finding: The metadata and content are entirely Chinese-oriented, with no indication that language should follow user preference or that the skill is restricted to Chinese-speaking users. This can cause the skill to respond in an unexpected language, reducing usability and potentially leading to misunderstandings in generated marketing guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal