Back to skill

Security audit

Chinese Naming Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chinese baby-naming guide, but users should avoid sharing more family birth and identity details than they actually need.

Install only if you are comfortable using a template that may contain family names, birth times, birthplaces, and optional parent bazi details. Treat the filled-out requirements document as private, omit optional parent details unless everyone consents, and avoid uploading or sharing identifying information unnecessarily.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This template collects highly sensitive personal data, including full names, birth time, birthplace, and family relationship details, but provides no privacy notice, minimization guidance, or handling constraints. In the context of a naming skill, some of this may be functionally relevant, but the absence of warnings or safeguards increases the risk of unnecessary exposure, retention, or downstream misuse of personal and quasi-identity data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The parent-bazi section requests additional sensitive third-party data about the parents, including birth times, birthplaces, and inferred metaphysical profile data, without consent, necessity justification, or privacy handling instructions. This is more dangerous because it expands collection beyond the direct user/child to other identifiable individuals, increasing privacy and compliance risk if the data is stored, shared, or processed insecurely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.