自媒体内容创作大师---一键生成

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a content-creation workflow with no evidence of hidden access, persistence, credential handling, or destructive behavior.

This looks safe to install for writing/content help. Be aware that generic phrases like “写文章” or “内容创作” may activate it more often than intended, so users who prefer explicit control should narrow the trigger wording or confirm before entering the workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases include very generic requests such as '写文章' and '内容创作', which can match ordinary user intent too broadly and cause the skill to activate unexpectedly. Over-broad activation can hijack unrelated conversations, route users into an unintended workflow, and increase the chance that prerequisite checks or downstream skills are invoked without clear user consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal