Back to skill

Security audit

CN Business Compliance Check

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only Chinese business compliance checklist that may over-trigger but does not request code execution, credentials, file access, or account control.

Safe to install as a checklist-style compliance aid. Treat its output as general guidance rather than legal advice, and be aware it may interrupt business-planning conversations unless activation is narrowed to explicit China business compliance review requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger terms are very broad and include common words such as '合规', '合法', '风险', and '中国法律', which are likely to appear in many unrelated user requests. This can cause the skill to activate outside its intended scope, leading to inappropriate policy-style blocking, unnecessary legal guidance, or interference with other agent workflows.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.