Copyku

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward marketing copywriting assistant with no evidence of hidden system access or harmful behavior.

Before installing, be aware that the skill may respond to common marketing words like headline, caption, or iklan and choose a format automatically. Review generated copy for accuracy and compliance with your own advertising standards, but the package does not show signs of hidden access or unsafe behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The Quick Copy mode advertises very short, generic trigger phrases such as 'headline kursus online' and 'iklan makanan ringan' that overlap with normal conversation. In an agent environment, broad invocation patterns can cause unintended activation or routing, making the skill respond when the user did not explicitly intend to invoke it.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The Smart Detection section maps common words like 'iklan', 'caption', 'headline', and 'jual' to behavior changes without defining scope, precedence, or confirmation. Ambiguous keyword matching can misclassify user intent and silently alter output style or workflow, which is risky in multi-skill or conversational contexts where these words appear incidentally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal