🍳 BigFood · 冰箱管家（食材识别·菜谱推荐·冰箱管理）| Fridge to Table & Recipe AI

Security checks across malware telemetry and agentic risk

Overview

This appears to be a food, fridge, and recipe helper with some broad activation wording but no evidence of harmful behavior.

Before installing, understand that the skill may activate on broad Chinese food or cooking phrases. Use it when you intend recipe or fridge help, and avoid sharing sensitive images or personal details that are not needed for meal recommendations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The trigger list contains very generic everyday phrases such as “冰箱”, “菜谱”, “做饭”, and “食材”, which can cause the skill to activate in many unrelated conversations. Over-broad activation increases the chance of unintended routing, context capture, and execution of the skill when the user did not intend to invoke it.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation rules use ambiguous examples like “等” and broad patterns such as “吃什么/推荐菜谱/冰箱有啥/今晚吃啥”, without defining strict boundaries for when the skill should take over. This can lead to accidental invocation on ordinary chat, reducing user control and potentially exposing user-provided images or text to unintended analysis.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal