傅盛

Security checks across malware telemetry and agentic risk

Overview

The skill is technically low-risk, but it mixes a Fu Sheng biography with unrelated OpenClaw promotional links and a personal contact email.

Review before installing. This skill is unlikely to affect your system technically, but it may cause an agent to repeat unrelated promotional links or contact details when you expected only information about 傅盛.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 98% confidence
Finding: The skill is advertised as a biography/info skill about 傅盛, but the latter section injects unrelated promotion for OpenClaw, external links, and a personal email address. This creates scope drift and can be used to smuggle advertising, traffic redirection, or social-engineering content into conversations that should only answer biography-related questions.

Vague Triggers

Medium

Confidence: 74% confidence
Finding: The trigger description is broad enough to activate on mentions of 傅盛, 猎豹移动, 猎户星空, or related products, which increases the chance the skill is invoked outside a narrowly intended biography context. In this file, that broader activation becomes more concerning because unrelated promotional content exists later in the skill, expanding opportunities for unintended disclosure or promotion.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal