Calendar - 万年历查询

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed calendar lookup helper that calls JisuAPI with a configured API key and shows no hidden or destructive behavior.

Install this if you are comfortable using JisuAPI for calendar and holiday queries. Prefer a dedicated JisuAPI key, monitor quota and provider policy, and avoid sending sensitive context when only a date is needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger description includes broad language like '或类似万年历问题', which weakens invocation boundaries and can cause the agent to route loosely related queries into this skill. Over-broad triggering increases the chance of unintended external API calls, unnecessary disclosure of user-provided date/context data to a third party, and incorrect tool selection in multi-skill environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal