Structural Testing

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only structural testing writing and reference aid with no code execution, credential access, persistence, or hidden install behavior.

Reasonable to install as a structural testing knowledge and drafting aid. Verify formulas, parameters, journal rankings, literature references, and generated technical claims against primary sources or domain experts before using them in experiments, grant applications, or papers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrase set includes broad requests like '帮我写振动台试验相关内容', which can overlap with normal user requests and cause unintended skill activation. In an agent environment, this increases the chance that the skill hijacks unrelated conversations, changing response behavior without clear user intent or explicit invocation.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The description is written in Chinese and frames the skill as a Chinese-language expert assistant, which can bias routing and output language even when the user did not request Chinese. This is primarily a usability and policy-compliance issue: it may override user language preference, reduce accessibility, and create confusing responses, but it does not by itself enable code execution or data exfiltration.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal