Mountain Daoist Guide

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only daily lifestyle guide that uses a Daoist-themed tone and ordinary weather/date context, with no code execution, persistence, credentials, or high-impact permissions.

Install this if you want daily advice in a Chinese traditional-philosophy style. Be aware it may take over broad weather or daily-routine prompts with a fixed persona and seven-section format, and avoid sharing precise location details unless needed for weather guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger conditions are broad and map to very common requests such as daily advice, weather, and generic phrases like '今天怎么样', which can cause the skill to activate in many unrelated conversations. Over-broad activation can override user intent, inject unsolicited persona-driven content, and increase the chance the agent fetches or synthesizes unnecessary contextual data for routine requests.

Natural-Language Policy Violations

Medium

Confidence: 83% confidence
Finding: The skill mandates a fixed persona and speaking style ('山中小道士', specific metaphoric tone) without checking whether the user wants that format. While not directly a code-execution issue, this can degrade alignment with user expectations, make responses less transparent, and reduce the agent's ability to adapt tone or present sensitive guidance plainly when needed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal