Security audit

shuangwen-skill

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese creative-writing skill for fictional web-novel and short-drama prompts, with no code execution or hidden access.

Install this as a Chinese fiction-writing helper. Be aware that its default story style emphasizes conflict, humiliation, and reversal, and avoid entering private details or seeking real medical/legal advice through the fictional scenarios or optional video-prompt workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Low

Confidence: 97% confidence
Finding: The skill is written entirely in Chinese and constrains the interaction format and output style without offering a language choice or opt-in. This can exclude users who do not read Chinese, cause misunderstanding of the task, and reduce safe, informed use because the user may not understand defaults such as the built-in emphasis on humiliation and escalation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal