Back to skill

Security audit

Ruiping

Security checks across malware telemetry and agentic risk

Overview

This is an opinionated Chinese news-commentary skill with disclosed search-style behavior and no evidence of hidden access, exfiltration, or unsafe automatic actions.

Install this only if you want an assertive news-analysis style. Treat its investment, career, and current-events recommendations as opinion, verify sources before relying on them, and use explicit prompts if you do not want ordinary news questions answered in this fixed commentary format.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill claims it can search for current news, filter items, and produce grounded commentary, but the file only contains prompting and output templates with no demonstrated retrieval, verification, or sourcing enforcement. This mismatch can mislead users into trusting fabricated 'latest news' analyses as factual, which is especially risky because the skill explicitly gives decision-oriented advice for investing, work, and daily life.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The code materially underdelivers on the advertised capability: it emits a fixed template with placeholders while the skill metadata promises deep news analysis and decision-oriented recommendations. This can mislead users or downstream agents into trusting fabricated or incomplete output as substantive analysis, creating integrity and decision-risk issues even though there is no direct code-execution or data-exfiltration behavior.

Intent-Code Divergence

Low
Confidence
85% confidence
Finding
The module and CLI description present the tool as a 'generator' while the docstring admits the substantive analysis is delegated elsewhere, so users may reasonably infer capabilities the script does not possess. This is primarily a transparency and trust-boundary issue: users may rely on output without understanding it is only a formatting wrapper.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation guidance uses very broad natural-language triggers such as asking what is worth commenting on recently, which can match ordinary user requests and cause the skill to engage unintentionally. In an agent ecosystem, this increases the chance of prompt routing mistakes, unexpected tool/skill invocation, and generation of strong opinionated advice when the user may not have explicitly requested this skill.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes very broad everyday phrases such as '怎么看' and '有什么看法', which can cause the skill to activate during ordinary conversation unrelated to this tool. Unintended invocation can hijack the assistant's behavior, forcing a rigid output protocol and opinionated framing in contexts where the user did not ask for this skill.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The guidance says users can input ordinary news statements alone and the skill will 'directly output' a full review, making activation ambiguous and increasing collisions with normal chat about current events. In an agent environment, this can unexpectedly override default assistant behavior and push users into a high-confidence, opinionated template without clear consent.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The 'lazy mode' phrase '最近有什么值得评的大事?' is broad enough to overlap heavily with general assistant queries about news or trends. Because the skill insists on a specific response style and decision advice, accidental activation can distort the assistant's intended behavior and create misleading certainty around unverified current events.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.