Back to skill

Security audit

中文 VDV 真相视觉

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only analysis style skill with broad framing, but it does not request code execution, credentials, local data access, persistence, or network activity.

Install this only if you want the assistant to adopt a strong Merlin/VDV 'truth vision' reasoning style. Treat its outputs as structured perspective, not verified truth, and independently check important decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description advertises very broad applicability such as analyzing complex systems, truth analysis, and use in any VDV agent loop, with no clear boundaries on when it should or should not activate. In an agent environment, this can cause over-broad invocation and unintended routing of ordinary user requests into this skill, increasing prompt-scope interference and making downstream behavior less predictable.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The generic '触发器 (Trigger)' flow defines a reusable analysis loop but does not specify concrete trigger phrases, authorization conditions, or scope limits. That makes the skill easier to activate implicitly from normal conversation, which can create unwanted agent steering and accidental execution in contexts where the user did not intend to use this framework.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.