微头条素材库

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed writing-template helper for Toutiao micro-post content and does not contain executable code, hidden persistence, credential use, or data exfiltration behavior.

This appears safe to install as a content-writing helper. Be aware that its trigger wording is somewhat broad, so it may be invoked for generic writing requests unless you explicitly choose another skill or clarify that the request is not for Toutiao/微头条 content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger description is broad enough to match many generic content-creation requests such as emotional stories, money-making tips, or popular-content writing, not just clearly scoped Toutiao micro-post use. In an agent environment, this can cause unintended invocation of the skill, leading to misrouting, oversharing of platform-specific growth tactics, and reduced control over which tool handles user prompts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal