Security audit

eight

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed informational skill about the number 8 that also includes a visible personal/profile section, with no executable code or hidden access.

Install only if you are comfortable with a number-8 culture skill that may also surface Chen Lang profile details, an email address, and project links. Treat the profile and project claims as unverified reference content, and avoid relying on the skill for private or authoritative contact information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium, 95% confidence
Finding
The skill is presented as a cultural-information skill about the number 8, but a large section is repurposed to promote a specific individual, their contact details, and an unrelated project ecosystem. This creates instruction/data scope drift: users or the agent may disclose or prioritize unrelated promotional content under the guise of a benign cultural skill.

Context-Inappropriate Capability

Medium, 96% confidence
Finding
The embedded email address and external links are not necessary to answer questions about the cultural meaning of the number 8. Exposing this data through a broadly triggerable skill increases the chance of unsolicited disclosure, user redirection to external properties, and unintended promotion/data leakage.

Vague Triggers

Medium, 90% confidence
Finding
The activation description is broad enough that ordinary mentions of 8, 八, prosperity, 八卦, or related concepts could invoke the skill outside its intended context. Because the skill contains unrelated personal and promotional content, overbroad triggering materially raises the risk of irrelevant disclosure and unintended routing.

Vague Triggers

Low, 88% confidence
Finding
The usage instructions enumerate trigger topics but provide no constraints, disambiguation, or refusal boundaries. This ambiguity can cause unnecessary invocation and broaden the set of queries that surface unrelated profile/contact information.

Ssd 3

Medium, 97% confidence
Finding
The skill stores personal contact information and instructs the assistant to provide it when users ask for the profile, even though this is unrelated to the skill's primary cultural topic. In an agent setting, embedding such contact details in a broadly matched skill can enable unauthorized disclosure of personal data and covert self-promotion.

VirusTotal

66/66 vendors flagged this skill as clean.
