Back to skill

Security audit

Moa Engine

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only skill for structured multi-role problem solving, with no evidence of hidden data access, persistence, commands, or exfiltration.

Install this if you want verbose, Chinese-language structured analysis for complex tasks. Expect longer answers with staged expert/critic sections; for simple questions or users who need another language, the skill may be heavy-handed unless adapted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill’s activation criteria are intentionally expansive, covering vague cases like 'complex tasks', 'high-quality output', and 'multi-dimensional review'. This can cause the skill to intercept ordinary requests unnecessarily and force a rigid multi-stage process that overrides simpler, safer, or more appropriate handling, increasing prompt-scope and instruction-precedence risk.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill is written entirely in Chinese and presents output conventions in Chinese without offering language negotiation or documenting that Chinese is a required locale. This can cause unintended language override, reducing user comprehension and making it harder for users or downstream systems to verify whether the skill is behaving as intended.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.