Qa Critical Thinking

Security checks across malware telemetry and agentic risk

Overview

The available evidence shows a low-impact conversational analysis skill with broad activation wording, but no hidden data access, persistence, destructive behavior, or exfiltration.

Install this if you want the agent to enter a more skeptical or deep-analysis mode from broad natural-language prompts. Review or narrow the activation phrasing if you prefer the skill to run only on explicit requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The activation rule uses broad natural-language triggers such as '还有什么', '如果...会怎样', and '需要质疑和深度分析时', which can match many ordinary conversations and cause the skill to activate unexpectedly. Unintended invocation can steer the agent into an overly skeptical mode, altering behavior, wasting tokens, and interfering with more appropriate skills or the user's requested task.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal