Zhihu Answer Generator (知乎回答生成器)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Zhihu writing and marketing-assistance skill, with spam/compliance risks but no evidence of hidden access, code execution, persistence, or data theft.

Install only if you want help drafting Zhihu content that may include promotional or lead-generation framing. Review outputs for transparency, avoid deceptive calls to action, and make sure any marketing content follows Zhihu rules and applicable advertising norms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The activation trigger includes broad marketing-oriented phrases such as '知乎引流' and 'zhihu answer' without narrowing the context, which can cause the skill to activate for loosely related requests and steer conversations toward promotional content. In this skill, that risk is amplified because the workflow explicitly includes lead-generation tactics like 公众号/私信引导, making unintended or excessive marketing assistance more likely.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill openly markets '引流技巧' but does not warn users that it generates promotional lead-generation content, which can blur the line between neutral writing help and covert marketing assistance. Given the examples and workflow explicitly encourage soft conversion tactics, users may unknowingly produce spammy, deceptive, or policy-violating content for third-party platforms.

VirusTotal

65/65 vendors flagged this skill as clean.
