Zengming

Security checks across malware telemetry and agentic risk

Overview

This is a simple reference skill about Zeng Ming that does not ask for sensitive access, code execution, or background behavior.

This appears safe to install from a security perspective. Treat it as a short static summary, not an authoritative or current source; verify important quotes or recent views from primary public materials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill defines very broad trigger examples such as generic mentions of '曾鸣' and open-ended opinion queries, which can cause the agent to invoke this skill outside its intended scope. This creates a routing/scope-quality issue where unrelated requests may be answered from this narrow knowledge base, increasing the risk of incorrect attribution, hallucinated authority, or inappropriate override of better-matched skills.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal