Security audit

段永平文化分析

Security checks across malware telemetry and agentic risk

Overview

This skill is a local company-culture checklist and simple scoring script with no evidence of hidden access, data collection, persistence, or privileged actions.

Safe to install from an agentic-security perspective. Treat its ratings as a subjective investment-analysis framework, not financial advice, and verify any company assessment with independent evidence before relying on it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill advertises broad triggers such as analyzing company culture or asking whether a company culture is good, without sufficiently constraining scope, required inputs, or disambiguation. This can cause the agent to invoke the skill in situations where it is not the best fit, leading to unreliable analysis, over-application of an investment framework, or unintended influence on user decisions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.