闲鱼爆款标题生成器

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple Chinese-language writing aid for Xianyu sales titles and customer-service scripts, with no executable code or privileged behavior.

Install if you want help drafting Xianyu sales copy or customer replies. Review generated claims such as guarantees, refunds, pricing, or delivery times before publishing them so they match your actual service terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description contains a long, catch-all list of trigger phrases covering many loosely related user intents, which can cause the agent to invoke this skill in situations where the user did not explicitly ask for it. Over-broad activation increases the chance of misrouting conversations, irrelevant tool use, and unintended steering of responses toward promotional or sales-oriented content.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill content is entirely written to operate in Chinese and the description implies Chinese-language behavior without checking the user's preferred language. This can override user expectations, reduce usability, and cause the agent to answer in the wrong language or style when the request is otherwise compatible but the user did not opt into Chinese output.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal